Low-rate DDoS attacks detection and traceback by using new information metrics

IEEE Transactions on Information Forensics and Security

Volumn 6, Issue 2, 2011, Pages 426-437

  Xiang, Yang ^a   Li, Ke ^a   Zhou, Wanlei ^a  

^a DEAKIN UNIVERSITY   (Australia)

Author keywords

Attack detection; information metrics; IP traceback; low rate distributed denial of service (DDoS) attack

Indexed keywords

ATTACK DETECTION; ATTACK TRAFFIC; DDOS ATTACK; DETECTION SCHEME; DISTRIBUTED DENIAL OF SERVICE ATTACK; FALSE POSITIVE RATES; GENERALIZED ENTROPIES; INFORMATION DISTANCE; INFORMATION METRICS; IP TRACEBACK; KULLBACK LEIBLER DIVERGENCE; NETWORK TRAFFIC; OPTIMAL DETECTION; TRACEBACK;

ENTROPY; HIERARCHICAL SYSTEMS; LOCAL AREA NETWORKS; NETWORK SECURITY; PROBABILITY DISTRIBUTIONS; TRANSMISSION CONTROL PROTOCOL;

INFORMATION USE;

EID: 79957530146     PISSN: 15566013     EISSN: None     Source Type: Journal    
DOI: 10.1109/TIFS.2011.2107320     Document Type: Article

References (30)

1. A. Chonka et al., "Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks," J. Netw. Comput. Applicat. Jun. 23, 2010 [Online]. Available: http://dx.doi.org/10.1016/j. jnca.2010.06.004
2. X. Jin et al., "ZSBT: A novel algorithm for tracing DoS attackers in MANETs," EURASIP J. Wireless Commun. Netw., vol. 2006, no. 2, pp. 1-9, 2006.
3. A. Shevtekar, K. Anantharam, and N. Ansari, "Low rate TCP Denial- of-Service attack detection at edge routers," IEEE Commun. Lett., vol. 9, no. 4, pp. 363-365, Apr. 2005. (Pubitemid 40573761)
4. G. Carl et al., "Denial-of-service attack-detection techniques," IEEE Internet Comput., vol. 10, no. 1, pp. 82-89, Jan./Feb. 2006. (Pubitemid 43159617)
5. P. Du and S. Abe, "IP packet size entropy-based scheme for detection of DoS/DDoS attacks," IEICE Trans. Inf. Syst., vol. E91-D, no. 5, pp. 1274-1281, 2008.
6. S. Ledesma and D. Liu, "Synthesis of fractional Gaussian noise using linear approximation for generating self-similar network traffic," Comput. Commun. Rev., vol. 30, no. 2, pp. 4-17, 2000.
7. E. Perrin et al., "N th-order fractional Brownian motion and fractional Gaussian noises," IEEE Trans. Signal Process., vol. 49, no. 5, pp. 1049-1059, May 2001. (Pubitemid 32444203)
8. E. Perrin et al., "Fast and exact synthesis for 1-D fractional Brownian motion and fractional Gaussian noises," IEEE Signal Process. Lett., vol. 9, no. 11, pp. 382-384, Nov. 2002. (Pubitemid 35428554)
9. Y. Bao and H. Krim, "Renyi entropy based divergence measures for ICA," in Proc. IEEE Workshop on Statistical Signal Processing, 2003, pp. 565-568.
10. Y. Gu, A. McCallum, and D. Towsley, "Detecting anomalies in network traffic using maximum entropy estimation," in Proc. ACM SIGCOMM Conf. Internet Measurement (IMC 2005), 2005, pp. 32-32.
11. R. Sekar et al., "Specification based anomaly detection: A new approach for detecting network intrusions," in Proc. ACM Conf. Computer and Communications Security (CCS 2002), 2002, pp. 265-274.
12. A. Patcha and J.-M. Park, "An overview of anomaly detection techniques: Existing solutions and latest technological trends," Comput. Netw., vol. 51, no. 12, pp. 3448-3470, 2007. (Pubitemid 46921030)
13. C. E. Shannon, "A mathematical theory of communication," Bell Syst. Tech. J., vol. 27, pp. 379-423 and 623-656, 1948.
14. K. Zyczkowski, "Rényi extrapolation of Shannon entropy," Open Syst. Inf. Dynamics, vol. 10, no. 3, pp. 297-310, 2003.
15. K. J. Kumar, R. C. Joshi, and K. Singh, "A distributed approach using entropy to detect DDoS attacks in ISP domain," in Proc. Int. Conf. Signal Processing, Communications and Networking (ICSCN 2007), 2007, pp. 331-337.
16. A. R. Barron, L. Gyorfi, and E. C. van der Meulen, "Distribution estimation consistent in total variation and in two types of information divergence," IEEE Trans. Inf. Theory, vol. 38, no. 5, pp. 1437-1454, Sep. 1992.
17. M. Broniatowski, "Estimation of the Kullback-Leibler divergence," in Mathematical Methods of Statistics. Princeton, NJ: Princeton Univ. Press, 2003.
18. Y. Chen, K. Hwang, and W.-S. Ku, "Collaborative detection of DDoS attacks over multiple network domains," IEEE Trans. Parallel Distrib. Syst., vol. 18, no. 12, pp. 1649-1662, Dec. 2007. (Pubitemid 350142414)
19. J.-F. Bercher, "On some entropy functionals derived from Rényi information divergence," Inf. Sci., vol. 178, no. 12, pp. 2489-2506, 2008.
20. Y. Xiang, W. Zhou, and M. Guo, "Flexible deterministic packet marking: An IP traceback system to find the real source of attacks," IEEE Trans. Parallel Distrib. Syst., vol. 20, no. 4, pp. 567-580, Apr. 2009.
21. MIT Lincoln Laboratory Data Sets [Online]. Available: http:// www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/ 2000/LLS-DDOS-0.2.2.html
22. CAIDA, 2010 [Online]. Available: http://data.caida.org/datasets/security/ ddos-20070804/
23. D. Moore et al., "Inferring Internet denial-of-service activity," ACM Trans. Comput. Syst., vol. 24, no. 2, pp. 115-139, 2006.
24. T. K. T. Law, J. C. S. Lui, and D. K. Y. Yau, "You can run, but you can't hide: An effective statistical methodology to trace back DDoS attackers," IEEE Trans. Parallel Distrib. Syst., vol. 16, no. 9, pp. 799-813, Sep. 2005. (Pubitemid 41387761)
25. L. Feinstein et al., "Statistical approaches to DDoS attack detection and response," in Proc.DARPA Information Survivability Conf. Exposition, 2003, pp. 303-314.
26. S. Yu and W. Zhou, "Entropy-Based collaborative detection of DDoS attacks on community networks," in Proc. 6th IEEE Int. Conf. Pervasive Computing and Communications (PerCom 2008), 2008, pp. 566-571.
27. W. Lee and D. Xiang, "Information-Theoretic measures for anomaly detection," in Proc. IEEE Symp. Security and Privacy, 2001, pp. 130-143. (Pubitemid 32882632)
28. H. Sun, J. C. S. Lui, and D. K. Y. Yau, "Defending against low-rate TCP attacks: Dynamic detection and protection," in Proc. IEEE Int. Conf. Network Protocols (ICNP 2004), 2004, pp. 196-205.
29. S. Zhang et al., "Detection of low-rate DDoS attack based on self-similarity," in Proc. Int. Workshop on Education Technology and Computer Science, 2010, pp. 333-336.
30. S. Yu, W. Zhou, and R. Doss, "Information theory based detection against network behavior mimicking DDoS attacks," IEEE Commun. Lett., vol. 12, no. 4, pp. 319-321, Apr. 2008.