Deciding optimal entropic thresholds to calibrate the detection mechanism for variable rate DDoS attacks in ISP domain: honeypot based approach

  • Authors: Anjali Sardana; R. C. Joshi; Tai-Hoon Kim; Sung Jang

  • Affiliations: Department of Electronics and Computer Engineering, Indian Institute of Technology, Roorkee, India; Department of Electronics and Computer Engineering, Indian Institute of Technology, Roorkee, India; Hannam University, Daejeon, South Korea; Department of e-Business, College of Tongwon, Gwangju-si, Gyeonggi-do, Korea

  • Venue: Journal of Intelligent Manufacturing
  • Year: 2010

Abstract

High-bandwidth DDoS attacks consume more resources and have a direct impact at the ISP level, in contrast to low-rate DDoS attacks, which lead to graceful degradation of the network and are mostly undetectable. Although an array of detection schemes has been proposed, the current requirement is a real-time DDoS detection mechanism that adapts itself to varying network conditions to give minimum false alarms. DDoS attacks that disturb the distribution of traffic features in the ISP domain are reflected by entropic variations on in-stream samples. We propose honeypot detection for attack traffic having distribution features statistically similar to those of legitimate traffic. Next, we propose to calibrate the detection mechanism for minimum false alarm rate by varying the tolerance factor in real time. Simulations are carried out in ns-2 at different attack strengths. We also report our experimental results over the MIT Lincoln Lab dataset and its subset, the KDD 99 dataset. Results show that the proposed approach is comparable to previously reported approaches, with the advantage of variable-rate attack detection with minimum false positives and negatives.