Networking and Communication Engineering

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

DDoS Attacks Detection and Trace Back the System


Affiliations
1 School of Information Technology, Veltech Dr. RR & Dr. SR Technical University, Chennai, India
     

   Subscribe/Renew Journal


A low-rate distributed denial of service (DDoS) at-tack has significant ability of concealing its traffic because it is very much like normal traffic. It has the capacity to elude the cur-rent anomaly-based detection schemes. An information metric can quantify the differences of network traffic with various probability distributions. In this paper, we innovatively propose using two new information metrics such as the generalized entropy metric and the information distance metric to detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. The proposed generalized entropy metric can detect attacks several hops earlier than the traditional Shannon metric. The proposed information distance metric outperforms the popular Kullback-Leibler divergence approach as it can clearly enlarge the adjudication distance and then obtain the optimal detection sensitivity. The experimental results show that the proposed information metrics can effectively detect low-rate DDoS attacks and clearly reduce the false positive rate. Furthermore, the proposed IP traceback algorithm can find all attacks as well as attackers from their own local area networks (LANs) and discard attack traffic.

Keywords

Attack Detection, Information Metrics, IP Trace-Back, Low-Rate Distributed Denial of Service (DDoS) Attack.
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 217

PDF Views: 3




  • DDoS Attacks Detection and Trace Back the System

Abstract Views: 217  |  PDF Views: 3

Authors

D. Delhi Ganesh
School of Information Technology, Veltech Dr. RR & Dr. SR Technical University, Chennai, India

Abstract


A low-rate distributed denial of service (DDoS) at-tack has significant ability of concealing its traffic because it is very much like normal traffic. It has the capacity to elude the cur-rent anomaly-based detection schemes. An information metric can quantify the differences of network traffic with various probability distributions. In this paper, we innovatively propose using two new information metrics such as the generalized entropy metric and the information distance metric to detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. The proposed generalized entropy metric can detect attacks several hops earlier than the traditional Shannon metric. The proposed information distance metric outperforms the popular Kullback-Leibler divergence approach as it can clearly enlarge the adjudication distance and then obtain the optimal detection sensitivity. The experimental results show that the proposed information metrics can effectively detect low-rate DDoS attacks and clearly reduce the false positive rate. Furthermore, the proposed IP traceback algorithm can find all attacks as well as attackers from their own local area networks (LANs) and discard attack traffic.

Keywords


Attack Detection, Information Metrics, IP Trace-Back, Low-Rate Distributed Denial of Service (DDoS) Attack.