Abstract
Distributed Denial of Service (DDoS) attacks pose a severe threat to the Internet. It is difficult to find an exact signature for the attack. Moreover, it is hard to tell whether an unusually high volume of traffic is caused by an attack or occurs because a huge number of users happen to access the target machine at the same time. Entropy detection is an effective method for detecting DDoS attacks. It is mainly used to calculate the distribution randomness of some attributes in the network packets’ headers. In this paper, we focus on DDoS attack detection technology. We improve the previous entropy detection algorithm and propose two enhanced detection methods, based on cumulative entropy and on time, respectively. Experimental results show that these methods could lead to more accurate and effective DDoS detection.
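The basic entropy computation the abstract describes, as an added example (not code from the paper, and not its cumulative-entropy or time-based methods): Shannon entropy of a header attribute is computed per fixed-size packet window and compared with a baseline taken from the first windows. The packet records, field names, window size, baseline length and threshold are all constructed assumptions.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def window_entropies(packets, field, window):
    """Entropy of one header field over consecutive, non-overlapping windows."""
    return [shannon_entropy([p[field] for p in packets[i:i + window]])
            for i in range(0, len(packets) - window + 1, window)]

def flag_windows(entropies, baseline_windows, threshold):
    """Indices of windows whose entropy differs from the baseline mean
    (mean of the first `baseline_windows` windows) by more than `threshold` bits."""
    base = sum(entropies[:baseline_windows]) / baseline_windows
    return [i for i, h in enumerate(entropies) if abs(h - base) > threshold]

def build_sample():
    """Constructed traffic: 3 normal windows, 1 flood window, 1 normal window.
    Addresses come from the RFC 5737 documentation ranges."""
    clients = ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"]
    servers = ["192.0.2.10", "192.0.2.20"]
    normal = [{"src": clients[i % 4], "dst": servers[i % 2]} for i in range(8)]
    # Flood window: every packet has a different source, all aimed at one server.
    flood = [{"src": f"198.51.100.{i}", "dst": servers[0]} for i in range(8)]
    return normal * 3 + flood + normal

WINDOW = 8          # packets per window (assumption)
BASELINE = 3        # leading windows treated as attack-free (assumption)
THRESHOLD = 0.5     # allowed deviation in bits (assumption)

def detect(packets, field):
    """Return (per-window entropies, flagged window indices) for one field."""
    ents = window_entropies(packets, field, WINDOW)
    return ents, flag_windows(ents, BASELINE, THRESHOLD)

if __name__ == "__main__":
    sample = build_sample()
    for field in ("src", "dst"):
        ents, flagged = detect(sample, field)
        print(field, [round(h, 2) for h in ents], "flagged:", flagged)
```

In the constructed flood window the source-address entropy rises while the destination-address entropy falls, so the check flags deviation in either direction.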
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, L., Zhou, J., Xiao, N. (2007). DDoS Attack Detection Algorithms Based on Entropy Computing. In: Qing, S., Imai, H., Wang, G. (eds) Information and Communications Security. ICICS 2007. Lecture Notes in Computer Science, vol 4861. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77048-0_35
DOI: https://doi.org/10.1007/978-3-540-77048-0_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77047-3
Online ISBN: 978-3-540-77048-0
eBook Packages: Computer Science, Computer Science (R0)