Dynamic entropy based DoS attack detection method

Authors:
Zhu Jian-Qi;Fu Feng;Yin Ke-Xin;Liu Yan-Heng
Affiliations:
College of Computer Science and Technology, Jilin University, 2699 Qianjin Street, Changchun, China and Key Laboratory of Symbolic Computation and Knowledge Engineering of Ministry of Education, J ...;College of Computer Science and Technology, Jilin University, 2699 Qianjin Street, Changchun, China and Key Laboratory of Symbolic Computation and Knowledge Engineering of Ministry of Education, J ...;College of Software, Changchun University of Technology, 2055 Yanan Street, Changchun, China;College of Computer Science and Technology, Jilin University, 2699 Qianjin Street, Changchun, China and Key Laboratory of Symbolic Computation and Knowledge Engineering of Ministry of Education, J ...
Venue:
Computers and Electrical Engineering
Year:
2013

Citing 11
Cited 0

Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A hybrid machine learning approach to network anomaly detection

Information Sciences: an International Journal
An empirical evaluation of entropy-based traffic anomaly detection

Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors

IEEE/ACM Transactions on Networking (TON)
A TCAM-based solution for integrated traffic anomaly detection and policy filtering

Computer Communications
Effective DDoS Attacks Detection Using Generalized Entropy Metric

ICA3PP '09 Proceedings of the 9th International Conference on Algorithms and Architectures for Parallel Processing
Unsupervised Network Intrusion Detection Systems: Detecting the Unknown without Knowledge

Computer Communications
Intrusion detection using reduced-size RNN based on feature grouping

Neural Computing and Applications - Special Issue on LSMS2010 and ICSEE 2010
Revealing network communities with a nonlinear programming method

Information Sciences: an International Journal
Detecting denial of service by modelling web-server behaviour

Computers and Electrical Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Denial of Service (DoS) attack poses a severe threat to the Internet. Entropy-based methods have been successfully used to detect specific types of malicious traffic. This paper presents a novel dynamic entropy-based model for the detection of DoS attack. Based on the theory of alive communication, the dynamic entropy model is constructed by combining the information entropy as well as the feature of netflow conversation correlation. This is the first application of the theory of alive communication in the network anomalies detection. To evaluate the performance of the dynamic entropy model, we compare it with the traditional information entropy model. The experiment results demonstrate the presence of traffic's dynamic entropy and show that the dynamic entropy keeps stable under normal traffic. By contrast, it fluctuates significantly when the network subjects to DoS attacks. Moreover, the detection rate of dynamic entropy-based model is higher and can detect unknown DoS attacks effectively.