DDoS flooding attack detection scheme based on F-divergence

Computer Communications

Volumn 35, Issue 11, 2012, Pages 1380-1391

  Rahmani, Hamza ^a   Sahli, Nabil ^a   Kamoun, Farouk ^a  

^a UNIVERSITY OF MANOUBA   (Tunisia)

Author keywords

DDoS; Entropy; F divergence; Flash crowd; Total variation distance

Indexed keywords

AGGREGATE TRAFFIC; DDOS; DDOS ATTACK; DENIAL OF SERVICE ATTACKS; DISTRIBUTED DENIAL OF SERVICE ATTACK; F-DIVERGENCE; FALSE NEGATIVES; FALSE POSITIVE; FEATURE-BASED; FLASH CROWD; FLOODING ATTACKS; HIGH RATE; IP ADDRESSS; MALICIOUS TRAFFIC; REAL-TIME DETECTION; SOFT THRESHOLD; TOTAL VARIATION;

ENTROPY; TELECOMMUNICATION TRAFFIC;

COMPUTER CRIME;

EID: 84862009854     PISSN: 01403664     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comcom.2012.04.002     Document Type: Article

References (37)

1. T. Peng, C. Leckie, and K. Ramamohanarao Survey of network- based defense mechanisms countering the DoS and DDoS problems ACM Computing Surveys 39 1 2007 1 42
2. M. Guirguis, A. Bestavros, I. Matta, and Y. Zhang Reduction of quality (RoQ) attacks on internet end systems Proceedings of IEEE INFOCOM 2 March 2005 1362 1372 (Pubitemid 41390787)
3. Y. Chen, K. Hwang, Spectral Analysis of TCP flows for defense against reduction-of-quality attacks, in: The 2007 IEEE International Conference on Communications (ICC'07), June 2007, pp. 1203-1210. (Pubitemid 351145701)
4. Y. Chen, K. Hwang, Collaborative change detection of DDoS attacks on community and ISP networks", in: The IEEE International Symposium on Collaborative Technologies and Systems (CTS 2006), May 2006, pp. 401-410. (Pubitemid 44930984)
5. Hongli Zhang, Zhimin Gu, Caixia Liu, Tang Jie, Detecting VoIP-specific denial-of-service using change-point method, in: 11th International Conf. on Feb. 2009, pp. 1059-1064.
6. L. Feinstein, D. Schnackenberg, R. Balupari, D. Kindred, Statistical approaches to DDoS attack detection and response, in: Proceedings of DARPA Information Survivability Conf. and Exposition, vol. 1, IEEE CS Press, Washington, DC, USA, 22-24 April 2003, pp. 303-314.
7. D. Moore, G.M. Voelker, S. Savage, Inferring internet denial of- service activity, in: Proceedings of 2001 USENIX Security Symposium, vol. 10, USENIX Association, August 2001, pp. 115-139.
8. Yu, Shui, Thapngam, Theerasak, Liu, Jianwen, Wei, Su and Zhou, Wanlei 2009, "Discriminating DDoS flows from flash crowds using information distance", Proc. of the third International Conf. on Network and System Security, IEEE, Piscataway, N. J., 2009, pp. 351-356.
9. Mohamed. Hamdi, and Noureddine. Boudriga Detecting denial-of-service attacks using the wavelet transform Computer Communications 30 16 2007 3203 3213
10. G. Carl, R.R. Brooks, and S. Rai Wavelet based denial-of-service detection Computers and Security 25 8 2006 600 615 (Pubitemid 44765088)
11. Z. Duan, X. Yuan, J. Chandrashekar, Controlling IP Spoofing through Inter domain Packet Filters, in: IEEE Trans. on Dependable and Secure, Computing, 5(1), January-March 2008, pp. 22-36. (Pubitemid 351239530)
12. F. Yi, S. Yu, W. Zhou, J. Hai, and A. Bonti Source-based filtering algorithm against DDOS attacks International Journal of Database Theory and Application 1 1 December 2008 9 20
13. H. Wang, C. Jin, K.G. Shin, Defense against spoofed IP traffic using hop-count filtering, in: IEEE/ACM Trans.s on Networking, vol. 15, No. 1, February 2007, pp. 40-53. (Pubitemid 46464416)
14. Scott Fowler, Sherali Zeadally, Naveen Chilamkurti, Impact of denial of service solutions on network quality of service, security and communication networks article first published, online 26 JUL 2010, http://dx.doi.org/10.1002/ sec.219.
15. G. Carl, G. Kesidis, R.R. Brooks, and S. Rai Denial-of-service attack detection techniques IEEE Internet Computing 10 1 2006 82 89
16. J. Jung, B. Krishnamurthy, and M. Rabinovich Flash crowds and denial-of-service attacks: characterization and implications for CDNs and web sites Proceedings of the International World Wide Web Conference 2002 ACM Press New York 293 304
17. Krishan Kumar, R.C. Joshil, Kuldip Singh, A Distributed Approach using Entropy to Detect DDoS Attacks, in: ISP Domain", IEEE-ICSCN 2007, MIT Campus, Anna University, Chennai, India, 2007, pp.331-337. (Pubitemid 47304132)
18. Anukool Lakhina, Mark Crovella, and Christophe Diot Mining anomalies using traffic feature distributions 2005 SIGCOMM Philadelphia, USA pp. 217-228
19. Amit. Kulkarni, and Stephen. Bush Detecting distributed denial-of-service attacks using kolmogorov complexity gauges Journal of Network and Systems Management 14 1 March 2006 69 80
20. E. Earl Eiland D, Lorie M. Liebrock, An application of information theory to intrusion detection, in: Fourth IEEE International Workshop on Information Assurance, 2006, pp 119-135.
21. Y. Chen, and K. Hwang Collaborative detection and filtering of shrew DDoS attacks using spectral analysis Journal of Parallel and Distributed Computing 66 9 2006 1137 1151 (Pubitemid 44205394)
22. C.M. Cheng, H.T. Kung, K.S. Tan, Use of spectral analysis in defense against DoS attacks", in: IEEE Global Communications Conference, 2002, pp. 2143-2148.
23. K. Lu, D. Wu, J. Fan, S. Todorovic, and A. Nucci Robust and efficient detection of DDoS attacks for large-scale internet Computer Networks 51 September 2007 5036 5056 (Pubitemid 350008118)
24. S. Yu, W. Zhou, and R. Doss Information theory based detection against network behavior mimicking DDoS attack IEEE Communications Letters 12 4 April 2008 319 321
25. H. Sengar, H. Wang, D. Wijesekera, S. Jajodia, Detecting VoIP floods using the Hellinger Distance, in: IEEE Transactions on Parallel and Distributed Systems, vol. 19, No. 6, June 2008. pp. 794-805.
26. http://tracer.csl.sony.co.jp/mawi/, accessed November 05, 2010.
27. http://www.lasr.cs.ucla.edu/ddos/traces/, accessed November 05, 2010.
28. http://www.caida.org/data/passive/ddos-200708040-dataset.xml.
29. M. Basseville Distance measures for signal processing and pattern recognition Signal Processing 18 4 1989 349 369 (Pubitemid 20636472)
30. T.M. Cover, and J.A. Thomas Elements of Information Theory 2nd edition 2006 Wiley-Interscience June
31. H. Papagiannaki K., Taft N., Bhattacharyya S., Thiran P., Salamatian K., Diot C., A pragmatic definition of elephants in internet backbone traffic, in: Internet Measurement Workshop. ACM, 2002, pp. 175-176.
32. Sumantra R. Kundu, Sourav Pal, Kalyan Basu, Sajal K. Das: Fast Classification and Estimation of Internet Traffic Flows, PAM 2007: 155-164.
33. T. M. Gil, M. Poletto. MULTOPS: a data-structure for bandwidth attack detection. in Proceedings. of 10th Usenix Security, Symposium, August 2001. pp. 23-38.
34. J. Mirkovic, P. Reiher, D-WARD: a source-end defense against flooding denial-of-service attacks, in: IEEE Transactions on Dependable and Secure, Computing, 2(3), July-Sept. 2005, pp. 216-232. (Pubitemid 41560432)
35. W. John, S. Tafvelin. Analysis of Internet backbone traf?c and header anomalies observed, in: IMC '07: Proceedings of the Seventh ACM SIGCOMM conference on Internet measurement, New York, NY, USA, pp. 111-116.
36. P. Pan, Y. Cui, and B. Liu A measurement study on video acceleration service; in: Sixth Annual IEEE Consumer Communication & Networking Conference (CCNC) 2009 Las Vegas NV, January
37. M. Zhang, M. Dusi, W. John, C. Chen. Analysis of UDP Traffic Usage on Internet Backbone Links, in: Proceedings of the Nineth Annual International Symposium on Applications and the Internet (SAINT 2009, Student Workshop), Seattle, USA, Jul. 2009.