Detection of anomalous packet traffic via entropy

Ławniczak, Anna T.; Wu, Hao; Stefano, Bruno N. Di

doi:10.1109/ccece.2009.5090107

Cited by 2 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FAEB scheme does so periodically based on the adopted time in the module's configuration by calculating entropy of overall requests through the following formulas [50–55]:

\begin{matrix} entropy = Pi * \log_{2} Pi, \\ Pi = \frac{uri_counts}{total_counts} . \end{matrix}

…”

Section: Flexible Collaborative Multilayer Ddos Prevention Frammentioning

confidence: 99%

A Novel Protective Framework for Defeating HTTP‐Based Denial of Service and Distributed Denial of Service Attacks

Manaf

2015

The Scientific World Journal

View full text Add to dashboard Cite

The growth of web technology has brought convenience to our life, since it has become the most important communication channel. However, now this merit is threatened by complicated network-based attacks, such as denial of service (DoS) and distributed denial of service (DDoS) attacks. Despite many researchers' efforts, no optimal solution that addresses all sorts of HTTP DoS/DDoS attacks is on offer. Therefore, this research aims to fix this gap by designing an alternative solution called a flexible, collaborative, multilayer, DDoS prevention framework (FCMDPF). The innovative design of the FCMDPF framework handles all aspects of HTTP-based DoS/DDoS attacks through the following three subsequent framework's schemes (layers). Firstly, an outer blocking (OB) scheme blocks attacking IP source if it is listed on the black list table. Secondly, the service traceback oriented architecture (STBOA) scheme is to validate whether the incoming request is launched by a human or by an automated tool. Then, it traces back the true attacking IP source. Thirdly, the flexible advanced entropy based (FAEB) scheme is to eliminate high rate DDoS (HR-DDoS) and flash crowd (FC) attacks. Compared to the previous researches, our framework's design provides an efficient protection for web applications against all sorts of DoS/DDoS attacks.

show abstract

“…FAEB scheme does so periodically based on the adopted time in the module's configuration by calculating entropy of overall requests through the following formulas [50–55]:

\begin{matrix} entropy = Pi * \log_{2} Pi, \\ Pi = \frac{uri_counts}{total_counts} . \end{matrix}

…”

Section: Flexible Collaborative Multilayer Ddos Prevention Frammentioning

confidence: 99%

A Novel Protective Framework for Defeating HTTP‐Based Denial of Service and Distributed Denial of Service Attacks

Manaf

2015

The Scientific World Journal

View full text Add to dashboard Cite

show abstract

“…In other words, the statistically self-similar models in these papers only focus on the changes of traffic value not considering the impact of distributional aspects of packet (called packet composition). Intuitively, DoS attacks are purposely created by humans they must affect the natural "structure and randomness" of packet under normal conditions [9]. Jiangtao Shi [10] controlled the number of packets with statistically self-similar model, however, the generation of IP address and Port is based on probabilities.…”

Section: Introductionmentioning

confidence: 99%

“…Second, unusual distributions reveal valuable information about the structure of anomalies. Current research in the traffic composition mainly relies on the theory of entropy [9][11] [12][13] by which network anomalies can be detected. However, the flaw of entropy methodology is that it can only reflect the overall trend of traffic and not sensitive to the dynamics of traffic specific composition.…”

Section: Introductionmentioning

confidence: 99%

A DoS Detection Method Based on Composition Self-Similarity

Zhu¹

2012

KSII TIIS

View full text Add to dashboard Cite

Based on the theory of local-world network, the composition self-similarity (CSS) of network traffic is presented for the first time in this paper for the study of DoS detection. We propose the concept of composition distribution graph and design the relative operations. The (R/S) d algorithm is designed for calculating the Hurst parameter. Based on composition distribution graph and Kullback Leibler (KL) divergence, we propose the composition self-similarity anomaly detection (CSSD) method for the detection of DoS attacks. We evaluate the effectiveness of the proposed method. Compared to other entropy based anomaly detection methods, our method is more accurate and with higher sensitivity in the detection of DoS attacks.

show abstract

Detection of anomalous packet traffic via entropy

Cited by 2 publications

References 6 publications

A Novel Protective Framework for Defeating HTTP‐Based Denial of Service and Distributed Denial of Service Attacks

A Novel Protective Framework for Defeating HTTP‐Based Denial of Service and Distributed Denial of Service Attacks

A DoS Detection Method Based on Composition Self-Similarity

Contact Info

Product

Resources

About