This paper describes an approach to detecting distributed denial of service (DDoS) attacks that is based on fundamentals of Information Theory, specifically Kolmogorov Complexity. A theorem derived using principles of Kolmogorov Complexity states that the joint complexity measure of random strings is lower than the sum of the complexities of the individual strings when the strings exhibit some correlation. Furthermore, the joint complexity measure varies inversely with the amount of correlation. We propose a distributed active network-based algorithm that exploits this property to correlate arbitrary traffic flows in the network to detect possible denial-of-service attacks. One of the strengths of this algorithm is that it does not require special filtering rules and hence it can be used to detect any type of DDoS attack. We implement and investigate the performance of the algorithm in an active network. Our results show that DDoS attacks can be detected in a manner that is not sensitive to legitimate background traffic.
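The property the abstract relies on can be observed with a computable stand-in for Kolmogorov complexity. The following is an added example, not the paper's implementation: it assumes zlib-compressed length as an upper-bound estimate of complexity, and the function names, payload size and sample flows are constructed for illustration.

```python
import random
import zlib

PAYLOAD_LEN = 400  # bytes per constructed flow sample (assumption)

def complexity(data: bytes) -> int:
    """Upper-bound estimate of K(data): size of its zlib-compressed form."""
    return len(zlib.compress(data, 9))

def correlation_score(flows):
    """(sum of K(x_i) - K(x_1 x_2 ... x_n)) / sum of K(x_i).

    Close to 0 when the flows share nothing; grows as they share more,
    because the joint estimate falls below the sum of the individual ones."""
    individual = sum(complexity(f) for f in flows)
    joint = complexity(b"".join(flows))
    return (individual - joint) / individual

def constructed_flows(shared_fraction, n_flows=4, seed=1):
    """Constructed sample: each flow is a common template prefix followed
    by bytes unique to that flow. shared_fraction=0 models unrelated
    traffic, 1.0 models identical flood payloads."""
    rng = random.Random(seed)
    rand = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    shared = int(PAYLOAD_LEN * shared_fraction)
    template = rand(shared)
    return [template + rand(PAYLOAD_LEN - shared) for _ in range(n_flows)]

def sweep(fractions=(0.0, 0.5, 1.0)):
    """Score the constructed flows at increasing levels of correlation."""
    return {f: correlation_score(constructed_flows(f)) for f in fractions}

if __name__ == "__main__":
    for fraction, score in sweep().items():
        print(f"shared={fraction:.1f}  score={score:.2f}")
```

The score needs no knowledge of what the shared content is, which mirrors the abstract's point that no attack-specific filtering rules are required; any alerting threshold on it would have to be calibrated against real background traffic.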