Low-rate DDOS Attack Detection using Optimal Objective Entropy Method

Jadhav, Poonam N.; Patil, Bharati

doi:10.5120/13472-1147

Cited by 10 publications

(8 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, more experiments and analyses using real datasets are needed to test its effectiveness. Jadhav and Patil [22] proposed an optimal objective entropy based method to detect low-rate DDoS attacks. This approach is a considerable improvement over the traditional entropy metric.…”

Section: Related Workmentioning

confidence: 99%

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Liao

Cao

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

Low-rate Distributed Denial-of-Service (low-rate DDoS) attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement-expectation of packet size-that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of real datasets with different times and different tolerance factors, are presented to demonstrate the effectiveness of the proposed measurement. In addition, extensive experiments are performed to show that the proposed measurement can detect the low-rate DDoS attacks not only in the short and long terms but also for low packet rates and high packet rates. Furthermore, the false-negative rates and the adjudication distance can be adjusted based on the detection sensitivity requirements.

show abstract

Section: Related Workmentioning

confidence: 99%

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Liao

Cao

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…It is evident in Figure that performance of DFAD remains almost constant in both IDFA and SDFA. While optimal objective entropy and FSD methods performed well when there is an IDFA but their performance degrades rapidly as the intensity of distributed flood attack increased.…”

Section: Resultsmentioning

confidence: 99%

Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks

Khan

Shams

et al. 2015

Security Comm Networks

View full text Add to dashboard Cite

Multi-hop wireless mesh networks (WMNs) are increasingly growing interest as a promising technology for high-speed network access. WMNs are integrated with other networks such as Internet, sensor networks, and cellular networks through gateways. Therefore gateways in WMNs are prone to various security threads and can be easily exploited by the attacker from any part of the Internet to launch a distributed flooding attack to compromise computer systems, affect the network performance, and destruct the services. Many approaches have been proposed by researchers in this regard but still more efforts are needed in terms of accuracy and efficiency. In this research paper, we will propose an artificial neural network-based technique for detection of distributed flooding attacks to things such as sensors or actuators in WMNs called the distributed flood attack detector. In our simulation, sample dataset used to train and test the artificial neural network is generated using NS-2 network simulator. Simulation results and real system implementation proved that the distributed flood attack detector can be used in a real network environment to detect the intermediate and severe distributed flood attacks with low-false positive and false-negative rates.

show abstract

“…In [11], a technique is proposed to identify two LDDoS attacks, the constant and the pulsing attack from legitimate traffic based on their distribution difference of packet size. In [12] a method is proposed based on optimal objective entropy to detect LDDoS attacks. The idea generalizes the traditional entropy metric.…”

Section: Related Workmentioning

confidence: 99%

Thwarting ICMP Low-Rate Attacks Against Firewalls While Minimizing Legitimate Traffic Loss

et al. 2020

View full text Add to dashboard Cite

Low-rate distributed denial of service (LDDoS) attacks pose more challenging threats that disrupt network security devices and services. Such type of attacks is difficult to detect and mitigate. In LDDoS attacks, attacker uses low-volume of malicious traffic that looks alike legitimate traffic. Thus, it can enter the network in silence without any notice. However, it may have severe effect on disrupting network services, depleting system resources, and degrading network speed to a point considering them as one of the most damaging attack types. There are many types of LDDoS such as application server and ICMP error messages based LDDoS. This paper is solely concerned with the ICMP error messages based LDDoS. The paper proposes a mechanism to mitigate low-rate ICMP error message attacks targeting security devices, such as firewalls. The mechanism is based on triggering a rejection rule to defend against corresponding detected attack as early as possible, in order to preserve firewall resources. The rejection rule has certain adaptive activity time, during which the rule continues to reject related low-rate attack packets. This activity time is dynamically predicted for the next rule activation period according to current and previous attack severity and statistical parameters. However, the rule activity time needs to be stabilized in a manner in order to prevent any additional overhead to the system as well as to prevent incremental loss of corresponding legitimate packets. Experimental results demonstrate that the proposed mechanism can efficiently defend against incremental evasion cycle of low-rate attacks, and monitor rejection rule activity duration to minimize legitimate traffic loss. INDEX TERMS Low-rate attacks, BlackNurse attack, Stateful firewall, session table, attack probabilistic modeling.

show abstract

Low-rate DDOS Attack Detection using Optimal Objective Entropy Method

Cited by 10 publications

References 8 publications

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Distributed flood attack detection mechanism using artificial neural network in wireless mesh networks

Thwarting ICMP Low-Rate Attacks Against Firewalls While Minimizing Legitimate Traffic Loss

Contact Info

Product

Resources

About