• DocumentCode
    3509779
  • Title

    A new relative entropy based app-DDoS detection method

  • Author

    Wang, Jin ; Yang, Xiaolong ; Long, Keping

  • Author_Institution
    Res. Center for Opt. Internet & Mobile Inf. Network, Univ. of Electron. Sci. & Technol. of China, Chengdu, China
  • fYear
    2010
  • fDate
    22-25 June 2010
  • Firstpage
    966
  • Lastpage
    968
  • Abstract
    Distributed Denial of Service (abbreviated DDoS) attack is a serious problem to the network services. This paper analyzed some solutions to the application layer DDoS (abbreviated app-DDoS) attack, and proposed a relative entropy based app-DDoS detection method. Our scheme includes two stages: learning stage and detection stage. Firstly at the learning stage, it extracts main click features of web objects with the cluster methods. Then at the detection stages, it computes the relative entropy for each session according to the learning result. The greater the session´s relative entropy, the more suspicious the session is. At last, simulation results suggest that this method can differentiate the attack session with high detection rate and low false negative ratio.
  • Keywords
    Humans; Indexes; DDoS; IP network; relative entropy;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computers and Communications (ISCC), 2010 IEEE Symposium on
  • Conference_Location
    Riccione, Italy
  • ISSN
    1530-1346
  • Print_ISBN
    978-1-4244-7754-8
  • Type

    conf

  • DOI
    10.1109/ISCC.2010.5546587
  • Filename
    5546587
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3509779