DDoS Attack Detection Algorithms Based on Entropy Computing

Affiliations: National University of Singapore, Singapore; Institute for Infocomm Research, Singapore; Symantec Software Dev. (Chengdu) Co. Ltd, China

Abstract. Distributed Denial of Service (DDoS) attack poses a severe threat to the Internet. It is difficult to find the exact signature of an attack. Moreover, it is hard to distinguish an unusually high volume of traffic caused by an attack from one that occurs when a huge number of users happen to access the target machine at the same time. The entropy detection method is an effective method to detect DDoS attacks. It is mainly used to calculate the randomness of the distribution of some attributes in the network packets' headers. In this paper, we focus on the detection technology of DDoS attacks. We improve the previous entropy detection algorithm and propose two enhanced detection methods, based on cumulative entropy and on time, respectively. Experimental results show that these methods lead to more accurate and effective DDoS detection.

Keywords: DDoS detection, entropy computing, network security.
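As an added illustration of the basic entropy detection idea (example code written for this page, not the paper's own implementation), the following Python computes the Shannon entropy of packet-header fields over fixed windows of packets and flags a window whose source-address entropy rises, or whose destination-address entropy falls, by more than a threshold relative to a baseline learned from clean windows. The packets, the baseline windows and the `delta` threshold are constructed for this example; the paper's cumulative-entropy and time-based refinements are not reproduced here.

```python
import math
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`.
    Uniform over k distinct values gives log2(k); a single repeated value gives 0."""
    total = len(values)
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(values).values())


def window_entropies(packets, fields=("src", "dst")):
    """Entropy of each selected header field across one window of packets.
    A packet is a dict such as {"src": "192.168.1.10", "dst": "10.0.0.1"}."""
    return {f: shannon_entropy([p[f] for p in packets]) for f in fields}


def learn_baseline(clean_windows, fields=("src", "dst")):
    """Mean per-field entropy over windows assumed to contain only normal traffic."""
    ents = [window_entropies(w, fields) for w in clean_windows]
    return {f: sum(e[f] for e in ents) / len(ents) for f in fields}


def detect(windows, baseline, delta=1.0):
    """Return [(window_index, [reasons])] for windows deviating from the baseline.

    Spoofed, randomly generated source addresses spread the source-IP
    distribution out (entropy rises), while traffic concentrating on one
    victim collapses the destination-IP distribution (entropy falls).
    `delta` (bits) is an assumed tuning threshold, not a value from the paper.
    """
    alerts = []
    for i, window in enumerate(windows):
        e = window_entropies(window)
        reasons = []
        if e["src"] - baseline["src"] > delta:
            reasons.append("src entropy up")
        if baseline["dst"] - e["dst"] > delta:
            reasons.append("dst entropy down")
        if reasons:
            alerts.append((i, reasons))
    return alerts


# --- constructed sample traffic (not captured data) ---
NORMAL_CLIENTS = [f"192.168.1.{i}" for i in range(10, 18)]   # 8 clients
SERVERS = [f"10.0.0.{i}" for i in range(1, 5)]                # 4 servers


def normal_window():
    """Every client talks to every server once: 32 packets, uniform on both fields."""
    return [{"src": c, "dst": s} for c in NORMAL_CLIENTS for s in SERVERS]


def flood_window():
    """64 distinct spoofed sources (TEST-NET-3 range) all aimed at a single server."""
    return [{"src": f"203.0.113.{i}", "dst": SERVERS[0]} for i in range(64)]


if __name__ == "__main__":
    windows = [normal_window(), normal_window(), flood_window()]
    baseline = learn_baseline(windows[:2])
    print("baseline:", baseline)                 # src 3.0 bits, dst 2.0 bits
    for i, w in enumerate(windows):
        print(i, window_entropies(w))
    print("alerts:", detect(windows, baseline))  # flood window flagged on both fields
```

In a deployment the baseline would be re-learned periodically and the window size chosen so that a flash crowd of genuine users, which raises traffic volume but keeps source addresses plausibly distributed, does not cross the same thresholds as spoofed flood traffic.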

1 Introduction

The traditional Denial of Service (DoS) attack is usually a point-to-point attack. The attacker uses ostensibly legitimate service requests to occupy excessive service resources, forcing the server to crash or making other legitimate users unable to obtain timely service responses. When the host under attack has limited computing, memory and network bandwidth, the consequences of DoS attacks can be fairly serious. However, with the development of computer and network technology, the impact of DoS attacks has been significantly mitigated. The Distributed Denial of Service (DDoS) attack is an extension of the traditional DoS attack. A DDoS attack is a distributed, cooperative, large-scale attack. It has the same working principles as DoS, but whereas a traditional DoS attack originates from a single attacker, a DDoS attack is carried out from hundreds or even thousands of PCs on which an attack daemon has been installed; it is a group-based attack behavior. The targets of DDoS are usually high-volume websites, search engines, or government departments.

S. Qing, H. Imai, and G. Wang (Eds.): ICICS 2007, LNCS 4861, pp. 452–466, 2007. © Springer-Verlag Berlin Heidelberg 2007


Compared with the traditional DoS attack, DDoS attacks possess more attacking resources and more destructive power, and thus are more difficult to detect and defend against. DDoS attacks have brought a tremendous threat to the security of the Internet, and have also gained much research attention in the area of network security [4, 20]. Now, DDoS attacks tend to become more distributed and automated, and the destruction is more serious. The attacks show some technical trends: (1) making use of clusters of controlled PCs to launch intensive attacks; (2) producing randomly distributed source IP addresses to conceal the track; (3) change th