Detecting Distributed Denial-of-Service Attacks Using Kolmogorov Complexity Metrics

Authors:
Amit Kulkarni;Stephen Bush
Affiliations:
Rensselaer Polytechnic Institute (RPI), New York, USA;Rensselaer Polytechnic Institute (RPI), New York, USA
Venue:
Journal of Network and Systems Management
Year:
2006

Citing 5
Cited 6

An introduction to Kolmogorov complexity and its applications (2nd ed.)

An introduction to Kolmogorov complexity and its applications (2nd ed.)
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)

Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
MULTOPS: a data-structure for bandwidth attack detection

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A survey of active network research

IEEE Communications Magazine

A proposal for new marking scheme with its performance evaluation for IP traceback

WSEAS Transactions on Computer Research
Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet

Journal of Network and Systems Management
Collaborative Framework for Detection, Prevention, and Traceback of Flooding Attacks Using Marking and Filtering

Information Security Journal: A Global Perspective
Real-time anomaly detection systems for Denial-of-Service attacks by weighted k-nearest-neighbor classifiers

Expert Systems with Applications: An International Journal
DDoS flooding attack detection scheme based on F-divergence

Computer Communications
Distributed denial-of-service attack detection scheme-based joint-entropy

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes an approach to detecting distributed denial of service (DDoS) attacks that is based on fundamentals of Information Theory, specifically Kolmogorov Complexity. A theorem derived using principles of Kolmogorov Complexity states that the joint complexity measure of random strings is lower than the sum of the complexities of the individual strings when the strings exhibit some correlation. Furthermore, the joint complexity measure varies inversely with the amount of correlation. We propose a distributed active network-based algorithm that exploits this property to correlate arbitrary traffic flows in the network to detect possible denial-of-service attacks. One of the strengths of this algorithm is that it does not require special filtering rules and hence it can be used to detect any type of DDoS attack. We implement and investigate the performance of the algorithm in an active network. Our results show that DDoS attacks can be detected in a manner that is not sensitive to legitimate background traffic.