An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection
نویسندگان
چکیده
Distributed Denial of Service (DDoS) attacks represent a major threat to uninterrupted and efficient Internet service. In this paper, we empirically evaluate several major information metrics, namely, Hartley entropy, Shannon entropy, Renyi’s entropy, generalized entropy, Kullback–Leibler divergence and generalized information distance measure in their ability to detect both low-rate and high-rate DDoS attacks. These metrics can be used to describe characteristics of network traffic data and an appropriate metric facilitates building an effective model to detect both low-rate and high-rate DDoS attacks. We use MIT Lincoln Laboratory, CAIDA and TUIDS DDoS datasets to illustrate the efficiency and effectiveness of each metric for DDoS detection. © 2014 Elsevier B.V. All rights reserved.
منابع مشابه
F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملNeural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملRank Correlation for Low-Rate DDoS Attack Detection: An Empirical Evaluation
A low-rate distributed denial of service (DDoS) attack has the ability to obscure its tra c because it is very similar to legitimate tra c. It can easily evade current detection mechanisms. Rank correlation measures can quantify significant di↵erences between attack tra c and legitimate traffic based on their rank values. In this paper, we use two rank correlation measures, namely, Spearmen Ran...
متن کاملRESCUE: Reputation based Service for Cloud User Environment
Exceptional characteristics of Cloud computing has replaced all traditional computing. With reduced resource management and without in-advance investment, it has been victorious in making the IT world to migrate towards it. Microsoft announced its office package as Cloud, which can prevent people moving from Windows to Linux. As this drift is escalating in an exponential rate, the cloud environ...
متن کاملDetection of Application Layer Ddos Attacks Using Information Theory Based Metrics
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently, there are an increasing number of DDoS attacks against online services and Web applications. These attacks are targeting the application level. Detecting application layer DDOS attack is not an easy task. A more sophisticated mechanism is required to distinguish the malicious flow from the legitimate o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Pattern Recognition Letters
دوره 51 شماره
صفحات -
تاریخ انتشار 2015