Title :
Entropy-Based Collaborative Detection of DDOS Attacks on Community Networks
Author :
Yu, Shui ; Zhou, Wanlei
Author_Institution :
Sch. of Eng. & Inf. Technol., Deakin Univ., Burwood, VIC
Abstract :
A community network often operates with the same Internet service provider domain or the virtual network of different entities who are cooperating with each other. In such a federated network environment, routers can work closely to raise early warning of DDoS attacks to void catastrophic damages. However, the attackers simulate the normal network behaviors, e.g. pumping the attack packages as poisson distribution, to disable detection algorithms. It is an open question: how to discriminate DDoS attacks from surge legitimate accessing. We noticed that the attackers use the same mathematical functions to control the speed of attack package pumping to the victim. Based on this observation, the different attack flows of a DDoS attack share the same regularities, which is different from the real surging accessing in a short time period. We apply information theory parameter, entropy rate, to discriminate the DDoS attack from the surge legitimate accessing. We proved the effectiveness of our method in theory, and the simulations are the work in the near future. We also point out the future directions that worth to explore in the future.
Keywords :
Internet; Poisson distribution; entropy; groupware; security of data; DDoS attacks; Internet service provider domain; Poisson distribution; attack package pumping; community networks; detection algorithms; entropy-based collaborative detection; virtual network; Collaboration; Computer crime; Counting circuits; Detectors; Entropy; Floods; Packaging; Surges; Telecommunication traffic; Traffic control;
Conference_Titel :
Pervasive Computing and Communications, 2008. PerCom 2008. Sixth Annual IEEE International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-0-7695-3113-7
DOI :
10.1109/PERCOM.2008.12
