Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics

Xiang, Yang; Li, Ke; Zhou, Wanlei

doi:10.1109/tifs.2011.2107320

Cited by 330 publications

(218 citation statements)

References 23 publications

Supporting

Mentioning

197

Contrasting

Unclassified

Order By: Relevance

“…Although Tsallis entropy seems to be more popular than Renyi entropy in the context of network anomaly detection the latter was also successfully applied in detection of different anomalies. An example is the work by Yang et al [10] who employed Renyi entropy to early detection of low-rate DDoS attacks and Kopylova et al [11] who reported positive results of using Renyi conditional entropy in detection of selected worms. We believe that with parameterized entropy some limitations of Shannon entropy caused by small descriptive capability [9] which results in a little ability to detect typical small or low-rate anomalies can be overcome.…”

Section: Detection Via Feature Distributionsmentioning

confidence: 99%

“…Therefore, a proper network anomaly detection as one of possible solutions to complement signature-based solutions is essential. Recently, entropy-based methods which rely on network feature distributions has been of a great interest [6][7][8][9][10][11]. It is crucial to check if entropy-based approach is efficient in detection of anomalous network activities caused by modern botnet-like malware [12].…”

Section: Introductionmentioning

confidence: 99%

“…Entropy-based methods proposed in the past e.g. [8,10,15] deals with a massive spreads of old types of worms (not botnet-like) or different types of Distributed Denial of Service (DDoS) attacks in a high-speed networks. In this article we propose an effective entropy based method for detection and categorization of network anomalies that indicate existence of the botnet-like malware in the local networks.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

161

View full text Add to dashboard Cite

Data mining is an interdisciplinary subfield of computer science involving methods at the intersection of artificial intelligence, machine learning and statistics. One of the data mining tasks is anomaly detection which is the analysis of large quantities of data to identify items, events or observations which do not conform to an expected pattern. Anomaly detection is applicable in a variety of domains, e.g., fraud detection, fault detection, system health monitoring but this article focuses on application of anomaly detection in the field of network intrusion detection.The main goal of the article is to prove that an entropy-based approach is suitable to detect modern botnet-like malware based on anomalous patterns in network. This aim is achieved by realization of the following points: (i) preparation of a concept of original entropy-based network anomaly detection method, (ii) implementation of the method, (iii) preparation of original dataset, (iv) evaluation of the method.

show abstract

Section: Detection Via Feature Distributionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Entropy-Based Network Anomaly Detection Method

Bereziński

Jasiul

Szpyrka

2015

Entropy

161

View full text Add to dashboard Cite

show abstract

“…In [50], authors focus on detection and traceback of low-rate DDoS attacks as they are very much like normal traffic and have more ability to conceal their attack related identities in the aggregate traffic. Two new information metrics are proposed (generalized entropy metric and information distance metric) to detect low-rate DDoS attacks.…”

Section: Traceback Schemesmentioning

confidence: 99%

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

Aamir

Zaidi

2013

IIS

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks exhaust victim's bandwidth or services. Traditional architecture of Internet is vulnerable to DDoS attacks and an ongoing cycle of attack & defense is observed. A recent attack report of year 2013 -'Quarter 1' from Prolexic Technologies identifies that 1.75 percent increase in total number of DDoS attacks has been recorded as compared to similar attacks of previous year's last quarter. In this paper, different types and techniques of DDoS attacks and their countermeasures are surveyed. The significance of this paper is the coverage of many aspects of countering DDoS attacks including new research on the topic. We survey different papers describing methods of defense against DDoS attacks based on entropy variations, traffic anomaly parameters, neural networks, device level defense, botnet flux identifications, application layer DDoS defense and countermeasures in wireless networks, CCN & cloud computing environments. We also discuss some traditional methods of defense such as traceback and packet filtering techniques, so that readers can identify major differences between traditional and current techniques of defense against DDoS attacks. We identify that application layer DDoS attacks possess the ability to produce greater impact on the victim as they are driven by legitimate-like traffic, making it quite difficult to identify and distinguish from legitimate requests. The need of improved defense against such attacks is therefore more demanding in research. The study conducted in this paper can be helpful for readers and researchers to recognize better techniques of defense in current times against DDoS attacks and contribute with more research on this topic in the light of future challenges identified in this paper.

show abstract

“…Several malicious activities can be formed using Botnet like leakage of sensitive information etc. but one of the severe attacks is DDoS [21].…”

Section: Introductionmentioning

confidence: 99%

A Review of Techniques to Detect and Prevent Distributed Denial of Service (DDoS) Attack in Cloud Computing Environment

Sattar¹,

Shahid²,

Abbas³

2015

IJCA

View full text Add to dashboard Cite

Cloud computing has become one of the most demanding services over the internet. It has gained remarkable fame for past few years.But it is under the severe threats of internet security. One of the severe threats is Distributed Denial of Service (DDoS). DDoS occurs when a huge amount of packets are sent to a server from various computers. Botnet is one of the major causes that launch DDoS attack. Botnet is actually a network of bots or zombie computers that are under the control of attacker. Several techniques are available in the literature that provides solution to avoid DDoS attack.A survey on DDoS detection and prevention techniques and their comparative analysishave been done in this paper.

show abstract

Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics

Cited by 330 publications

References 23 publications

An Entropy-Based Network Anomaly Detection Method

An Entropy-Based Network Anomaly Detection Method

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

A Review of Techniques to Detect and Prevent Distributed Denial of Service (DDoS) Attack in Cloud Computing Environment

Contact Info

Product

Resources

About