Traceback of DDoS Attacks Using Entropy Variations

Authors:
Shui Yu;Wanlei Zhou;Robin Doss;Weijia Jia
Affiliations:
Deakin University, Burwood;Deakin University, Burwood;Deakin University, Burwood;City University of Hong Kong, Hong Kong
Venue:
IEEE Transactions on Parallel and Distributed Systems
Year:
2011

Citing 0
Cited 8

Automatic control method of DDoS defense policy through the monitoring of system resource

AICT'11 Proceedings of the 2nd international conference on Applied informatics and computing theory
An incrementally deployable path address scheme

Journal of Parallel and Distributed Computing
A novel hybrid IP traceback scheme with packet counters

IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
Endpoint mitigation of DDoS attacks based on dynamic thresholding

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Service Violation Monitoring Model for Detecting and Tracing Bandwidth Abuse

Journal of Network and Systems Management
Detecting latent attack behavior from aggregated Web traffic

Computer Communications
A confidence-based filtering method for DDoS attack defense in cloud environment

Future Generation Computer Systems
DDoS avoidance strategy for service availability

Cluster Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. However, the memoryless feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this paper, we propose a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques. In comparison to the existing DDoS traceback methods, the proposed strategy possesses a number of advantages—it is memory nonintensive, efficiently scalable, robust against packet pollution, and independent of attack traffic patterns. The results of extensive experimental and simulation studies are presented to demonstrate the effectiveness and efficiency of the proposed method. Our experiments show that accurate traceback is possible within 20 seconds (approximately) in a large-scale attack network with thousands of zombies.