Entropy-based input-output traffic mode detection scheme for DoS/DDoS attacks (Network Systems)
Abstract
Distributed Denial of Service (DDoS) attacks now threaten the widely used Internet. Detecting DDoS attacks quickly and effectively has become an important and challenging task. Many detection schemes based on traffic distribution have been proposed, but problems remain. Real Internet traffic is changeable and not easily modeled over a short term. Studying the characteristics of traffic distribution is a popular approach; however, such schemes need a relatively long observation time to determine statistical properties, which reduces the detection scheme's efficiency. In our paper we have studied a network node's input-output traffic and proposed a relatively simple traffic analysis model, named the "8 Input-Output Modes Model" (8-IOMM). Based on this new model, we have adopted an entropy-based scheme to detect DDoS attacks. We have tested the scheme with typical Internet traffic from the Science Information Network and DDoS attack data from the OPNET simulation tool. The results show that our detection scheme works efficiently.
- 2008-05-08
Authors
- Abe Shunji, National Inst. Informatics Tokyo Jpn
- Fengxiang Zhang, Department of Informatics, Graduate University
Related papers
- Architectural Design of Next-Generation Science Information Network(Advanced Transfer Technologies for the Next Generation Network)
- A Traffic Decomposition and Prediction Method for Detecting and Tracing Network-Wide Anomalies
- Encouragement Talk: Two-level Mobile Routing System for IPv6 Network Mobility
- Entropy-based input-output traffic mode detection scheme for DoS/DDoS attacks (Network Systems)
- Traffic Characteristics of Assembled Burst Traffic for Optical Burst Switching Networks
- A DDoS flooding attack detection mechanism analyses based on the relationship between input and output traffic volumes (Network Systems)
- BS-10-10 An Edge Buffering Based Fast Restoration Scheme for Optical Burst Switching Networks(BS-10. Network Planning, Control, and Management)
- BS-10-20 An IP Packet Size Entropy-based Algorithm for Detection of DoS/DDoS Attacks(BS-10.Network Planning, Control, and Management,symposium)
- BS-8-1 An Advanced Timer-based Burst Assembly Algorithm with Traffic Shaping in Optical Burst Switching Networks(BS-8. Technology and Architecture for Ubiquitous Network Systems,ENGLISH SESSION)
- IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
- Detecting and tracing traffic volume anomalies in an academic network (Information Networks)
- BS-15-6 A Rescheduling Scheme for Providing Joint QoS in Optical Burst Switching Networks(BS-15.Network Planning, Control, and Management,ENGLISH SESSION)
- Traffic Analysis and Traffic-Smoothing Burst Assembly Methods for the Optical Burst Switching Network(Switching for Communications)
- BS-8-19 A Heuristic Scheme to Distinguish Legitimate Traffic from Attack Traffic in Networks Anomaly Detection(BS-8. Technology and Architecture for Ubiquitous Network Systems,ENGLISH SESSION)
- A DoS/DDoS Attacks Detection Scheme Based on In/Out Traffic Proportion