A Classification Detection Algorithm Based on Joint Entropy Vector against Application-Layer DDoS Attack

Zhao, Yuntao; Zhang, Wenbo; Feng, Yongxin; Yu, Bo

doi:10.1155/2018/9463653

Cited by 19 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In [19], the authors propose a new two-step method for DDoS attack detection, which combines the approaches of network traffic entropy and the TSK Fuzzy System (TSK-FS), and shows that the TSK-FS DDoS detector reaches enhanced sensitivity and robustness in the detection process. Reference [20] shows a method to identify DDoS attacks by computing entropy and frequency-sorted distributions of selected packet attributes.…”

Section: Related Workmentioning

confidence: 99%

“…On the other point of view, we will see a sharp decline of the entropy of destination IP until the number of attack packets reaches the width of the entropy sliding window, and this is a traditional and the most popular detection basis. But actually, the result will be interfered with by some indicators such as the target numbers, policies that motivate traffic to burst up, which is called ''a benign flash crowd'' in Zhao's research [19], etc.…”

Section: : Value Counter Dictionary and Counter Matrixmentioning

confidence: 99%

See 1 more Smart Citation

RTVD: A Real-Time Volumetric Detection Scheme for DDoS in the Internet of Things

Liu

Zhi

et al. 2020

IEEE Access

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are increasingly harmful to the cyberspace nowadays. The attackers can now easily launch a bigger and more challenging DDoS attack both towards and with Internet-of-Things (IoT) devices, due to the fast popularization of them. Because of the characteristic of fast overwhelming, it is important to make fast as well as accurate response to DDoS attacks, and the realtime performance can be even more important to prevent and legitimate the attacks. Among the methods proposed by researchers, the entropy-based detection method provides a sensitive and reliable performance. However, the balance between computational complexity and recognition accuracy remains a challenge. In this paper, we propose a detection method that consists of 3 main parts in different aspects: a sliding time window to fasten the entropy calculation, a single-directional filter to realize early detection during the DDoS progress but not after the crash, and a quintile deviation check algorithm to optimize the detection result. These will eventually lead to a real-time and high-efficient performance to recognize IoT DDoS attacks as soon as possible.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: : Value Counter Dictionary and Counter Matrixmentioning

confidence: 99%

RTVD: A Real-Time Volumetric Detection Scheme for DDoS in the Internet of Things

Liu

Zhi

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…DDoS attack is a serious threat to network stability and security due to a huge resource asymmetry between the network and the victim because the attacks usually come not only from multiple sources but also distributed geographically [49], [50], [51], [52].…”

Section: A Distributed Denial Of Services (Ddos) Attacksmentioning

confidence: 99%

Detection Techniques of Distributed Denial of Service Attacks on Software-Defined Networking Controller–A Review

et al. 2020

View full text Add to dashboard Cite

The wide proliferation of telecommunication technologies in the last decade gives rise to the number of more sophisticated security threats. Software-Defined Networking (SDN) is a new networking architecture that isolates the network control plane from the data plane that incidentally provides better features and functionalities to detect and deal with those security threats. Its elastic programmable feature permits efficient network management and provides network operators with the flexibility to monitor and fine-tune their network. However, the new technology also created many new security concerns, and the threat of Distributed Denial of Service (DDoS) attack is one of the major concerns. This paper presents a comprehensive review of state-of-the-art techniques to detect DDoS attacks on SDN controller. It first describes the SDN technology and then elaborates on the mechanism of DDoS attacks on SDN. Additionally, this paper also describes all major DDoS detection techniques and classifies them at a very high level according to the techniques or methods used. The current survey is qualitatively compared with the existing surveys using various author-defined metrics. Finally, this paper provides a guideline for future research related to detection techniques of DDoS against the SDN controller.

show abstract

“…This is to ensure that the attack can bypass security devices, and the targeted web server is collapsed and unable to serve a client’s request. DDoS attacks are executed at the network layer, which can be easily detected [ 23 ]. Due to this, the attacker opts to execute the attack at the application layer to make a web server turn to offline mode therefore incapable of responding to a client’s request [ 3 ].…”

Section: Ddos Attack Strategy At Application Layermentioning

confidence: 99%

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Jaafar

Ismail

Abdullah

et al. 2020

Sensors

View full text Add to dashboard Cite

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

show abstract

A Classification Detection Algorithm Based on Joint Entropy Vector against Application-Layer DDoS Attack

Cited by 19 publications

References 12 publications

RTVD: A Real-Time Volumetric Detection Scheme for DDoS in the Internet of Things

RTVD: A Real-Time Volumetric Detection Scheme for DDoS in the Internet of Things

Detection Techniques of Distributed Denial of Service Attacks on Software-Defined Networking Controller–A Review

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Contact Info

Product

Resources

About