Distributed denial-of-service (DDoS) attacks present an increasing threat to the global inter-networking infrastructure. While entropy schemes are highly robust to diverse network conditions, they remain vulnerable to distributed attacks that are similar to legitimate traffic. Because the objective of a DDoS attack is to saturate the resources of the target as soon as possible, an attack would engender an unexpected disproportion between the number of received packets and the number of connections. However, in the case of flash crowds, an increase in the number of packets is always accompanied by an increase in the number of connections. In this work, we used joint entropy, which quantifies the degree of disproportion, to detect traffic anomalies. We investigate a class of intelligent attacks, which, unlike high-rate attacks, are difficult for entropy schemes to detect. The experimental results indicate that our joint-entropy scheme can detect this type of attack accurately. Compared with an entropy-based scheme, the improvement is 40% for the distributed attacks. Copyright © 2011 John Wiley & Sons, Ltd.