IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
Abstract
Denial of service (DoS) attacks have become one of the most serious threats to the Internet. Enabling detection of attacks in network traffic is an important and challenging task. However, most existing volume-based schemes cannot detect short-term attacks that have a minor effect on traffic volume. On the other hand, feature-based schemes are not suitable for real-time detection because of their complicated calculations. In this paper, we develop an IP packet size entropy (IPSE)-based DoS/DDoS detection scheme in which the entropy is markedly changed when traffic is affected by an attack. Through our analysis, we find that the IPSE-based scheme is capable of detecting not only long-term attacks but also short-term attacks that are beyond the volume-based schemes' ability to detect. Moreover, we test our proposal using two typical Internet traffic data sets from DARPA and SINET, and the test results show that the IPSE-based detection scheme can provide detection of DoS/DDoS attacks not only in a local area network (DARPA) but also in an academic backbone network (SINET).
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2008-05-01
Authors
Related papers
- Architectural Design of Next-Generation Science Information Network(Advanced Transfer Technologies for the Next Generation Network)
- デ-22 CoreLab : A Wide-Area Network Testbed for Emerging Network Services and Architectures
- A Traffic Decomposition and Prediction Method for Detecting and Tracing Network-Wide Anomalies
- Encouragement Lecture: Two-level Mobile Routing System for IPv6 Network Mobility
- Entropy-based input-output traffic mode detection scheme for DoS/DDoS attacks (Network Systems)
- Traffic Characteristics of Assembled Burst Traffic for Optical Burst Switching Networks
- A DDoS flooding attack detection mechanism analyses based on the relationship between input and output traffic volumes (Network Systems)
- BS-10-10 An Edge Buffering Based Fast Restoration Scheme for Optical Burst Switching Networks(BS-10. Network Planning, Control, and Management)
- BS-10-20 An IP Packet Size Entropy-based Algorithm for Detection of DoS/DDoS Attacks(BS-10.Network Planning, Control, and Management,symposium)
- BS-8-1 An Advanced Timer-based Burst Assembly Algorithm with Traffic Shaping in Optical Burst Switching Networks(BS-8. Technology and Architecture for Ubiquitous Network Systems,ENGLISH SESSION)
- IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
- Detecting and tracing traffic volume anomalies in an academic network (Information Networks)
- BS-15-6 A Rescheduling Scheme for Providing Joint QoS in Optical Burst Switching Networks(BS-15.Network Planning, Control, and Management,ENGLISH SESSION)
- Traffic Analysis and Traffic-Smoothing Burst Assembly Methods for the Optical Burst Switching Network(Switching for Communications)
- BS-8-19 A Heuristic Scheme to Distinguish Legitimate Traffic from Attack Traffic in Networks Anomaly Detection(BS-8. Technology and Architecture for Ubiquitous Network Systems,ENGLISH SESSION)
- A DoS/DDoS Attacks Detection Scheme Based on In/Out Traffic Proportion
- A DoS/DDoS Attacks Detection Scheme Based on In/Out Traffic Proportion
- Rethinking Business Model in Cloud Computing : Concept and Example