Referenced Items are not available for this document.
Distributed Denial of service (DDoS) attack has become one of the most serious threats to the Internet. DDoS attack can be considered a system anomaly or misuse from which abnormal behaviour is imposed on network traffic. Network traffic characterization with behaviour modelling could be a good indication of attack detection witch can be performed via abnormal behaviour identification. Moreover, it is hard to distinguish the difference of an unusual high volume of traffic which is caused by the attack or occurs when a huge number of users occasionally access the target machine at the same time. While previous work has demonstrated the benefits of entropy-based anomaly detection, there has been little effort to understand the detection power of using joint entropy analysis of multiple traffic distributions. We observe that the time series of IP-flow number and aggregate traffic size are strongly statistically dependant. The occurrence of attack affects this dependence and causes a rupture in time series of joint entropy values. Experiment results show that this method could lead to more accurate and effective DDoS detection.
Published in:
Information Assurance and Security, 2009. IAS '09. Fifth International Conference on
(Volume:2
)
Date of Conference: 18-20 Aug. 2009
- Page(s):
- 267 - 271
- Print ISBN:
- 978-0-7695-3744-3
- INSPEC Accession Number:
- 10908695
- Conference Location :
- Xian
- Digital Object Identifier :
- 10.1109/IAS.2009.298
- Product Type:
- Conference Publications
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
