ISA '08 Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008)
High-bandwidth DDoS attacks consume more resources and have a direct impact at the ISP level, in contrast to low-rate DDoS attacks, which lead to graceful degradation of the network and are mostly undetectable. Although an array of detection schemes has been proposed, the current requirement is a real-time DDoS detection mechanism that adapts itself to varying network conditions to give minimum false alarms. DDoS attacks that disturb the distribution of traffic features in the ISP domain are reflected by entropic variations on in-stream samples. We propose honeypot detection for attack traffic that has distribution features statistically similar to those of legitimate traffic. Next, we propose to calibrate the detection mechanism for a minimum false alarm rate by varying the tolerance factor in real time. Simulations are carried out in ns-2 at different attack strengths. We also report our experimental results over the MIT Lincoln Lab dataset and its subset, the KDD 99 dataset. Results show that the proposed approach is comparable to previously reported approaches, with the advantage of variable-rate attack detection with minimum false positives and negatives.
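The following sketch is an added example, not code from the paper: it computes per-window source-address entropy and shows how the tolerance factor trades false alarms against misses. The threshold form (baseline mean plus or minus tolerance times standard deviation), all function names and the traffic windows are assumptions constructed for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(sources):
    """Entropy (bits) of the source-address distribution in one sample window."""
    counts = Counter(sources)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def flag_windows(baseline, live, tolerance):
    """Flag live windows whose entropy leaves mean +/- tolerance*stddev of the
    baseline. This threshold form is an assumption, not the paper's formula."""
    hs = [shannon_entropy(w) for w in baseline]
    mu, sigma = mean(hs), pstdev(hs)
    return {name: abs(shannon_entropy(w) - mu) > tolerance * sigma
            for name, w in live.items()}

def clients(n, pkts=4):
    """Constructed legitimate traffic: n clients sending pkts packets each."""
    return [f"client-{i}" for i in range(n) for _ in range(pkts)]

# Constructed data, not from the paper's ns-2 runs or the KDD 99 dataset.
BASELINE = [clients(n) for n in (16, 15, 17, 16, 16, 17, 15, 16)]
LIVE = {
    "legit_quiet": clients(14),                         # normal dip in clients
    "legit_busy": clients(18),                          # normal rise in clients
    "flood": clients(16, pkts=1) + ["attacker"] * 48,   # one source dominates
    "low_rate": clients(16) + ["attacker"] * 12,        # blends into the mix
}

def sweep(tolerances=(2.0, 3.5)):
    """Run the detector at each tolerance factor and return the flags."""
    return {a: flag_windows(BASELINE, LIVE, a) for a in tolerances}

if __name__ == "__main__":
    for a, flags in sweep().items():
        print(f"tolerance={a}: {flags}")
```

With the tight tolerance both legitimate windows raise false alarms; the looser one clears them while still flagging the flood. The low-rate window stays inside the band at either setting, which is the statistically similar traffic the abstract assigns to honeypot detection.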