An Entropy Based Approach to Detect and Distinguish DDoS Attacks from Flash Crowds in VoIP Networks

Voice over IP (VoIP) is a facility of providing voice services in accordance with IP (Internet Protocol) which provides better QoS (Quality of Service) than Public Switched Telephone Network (PSTN) at comparatively less cost.. Since Internet suffers from various threats, VoIP, which uses IP for servicing the Clients also results in stepping down QoS. One of the major QoS threats is Server Availability. Attackers defeat the server processing capability and gain control over the server by flooding lot of messages or requests and make server resources unavailable to the genuine user, resulting in DDoS (Distributed Denial of Service). But the server must predict the legitimate flood namely Flash crowd and malicious attack flooding usually DDoS. Both DDoS and Flash crowd creates abnormal traffic condition, but in order to improve Goodput, the server must be deployed with the mechanism that should classify legitimate and malicious call requests. This paper observes the traffic condition and the purpose of dealings varies which helps in outwitting the attackers. We also use the entropy packet analysis to minimize the traffic reaching the server. NS2 (Network Simulator 2) with SIP (Session Initiation Protocol) is ued to experiment and analyze the proposed work.