E-LDAT: a lightweight system for DDoS flooding attack detection and IP traceback using extended entropy metric
Authors
Abstract
Distributed denial-of-service (DDoS) flooding attacks overwhelm Internet services with traffic so that legitimate users can no longer reach them. In this paper, we propose E-LDAT, a lightweight extended-entropy metric-based system for both DDoS flooding attack detection and IP (Internet Protocol) traceback. It aims to identify DDoS attacks effectively by measuring the metric difference between legitimate traffic and attack traffic. IP traceback is performed using the metric values for an attack sample detected by the detection scheme. The method uses a generalized entropy metric together with packet intensity computed on sampled network traffic with respect to time. The E-LDAT system has been evaluated using several real-world DDoS datasets and outperforms competing methods when detecting four classes of DDoS flooding attacks: constant rate, pulsing rate, increasing rate and subgroup attacks. The IP traceback model is also evaluated using NetFlow data in near real time and performs well in large-scale attack networks with many zombies. Copyright © 2016 John Wiley & Sons, Ltd.
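To make the detection idea concrete, the following is an added example written for this page; it is not the E-LDAT authors' code and the abstract does not specify their exact metric. It assumes that the "generalized entropy metric" is Rényi entropy of order α computed over the source-IP distribution of each fixed time window, that "packet intensity" is packets per second in that window, and that the first few windows are attack-free and serve as the baseline. The trace it runs on is constructed inline (not real data): twenty legitimate hosts send evenly in every window, and two windows additionally carry a constant-rate flood from four zombies.

```python
"""Added example: windowed generalized-entropy DDoS flood detector.

Not the E-LDAT authors' code. Assumptions (mine, not stated in the abstract):
  * "generalized entropy" = Renyi entropy of order alpha over source IPs;
  * "packet intensity"    = packets per second in a fixed-length window;
  * the first `baseline_windows` windows are attack-free.
"""
import math
from collections import Counter, defaultdict


def renyi_entropy(counts, alpha=2.0):
    """Renyi entropy in bits of order alpha; alpha == 1 falls back to Shannon."""
    total = sum(counts)
    if total == 0:
        return 0.0
    probs = [c / total for c in counts if c > 0]
    if alpha == 1.0:
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


def window_metrics(packets, window_len=1.0, alpha=2.0):
    """Bucket (timestamp, src_ip) records into fixed windows.

    Returns one dict per window, sorted by window index, holding the packet
    intensity (pkt/s) and the source-IP Renyi entropy normalised to [0, 1]
    by log2(number of distinct sources) so windows of different size compare.
    """
    buckets = defaultdict(Counter)
    for ts, src in packets:
        buckets[int(ts // window_len)][src] += 1
    out = []
    for w in sorted(buckets):
        counter = buckets[w]
        n_src = len(counter)
        h = renyi_entropy(list(counter.values()), alpha)
        h_norm = h / math.log2(n_src) if n_src > 1 else 0.0
        out.append({
            "window": w,
            "intensity": sum(counter.values()) / window_len,
            "entropy": h_norm,
            "sources": n_src,
        })
    return out


def detect(metrics, baseline_windows=3, entropy_delta=0.2, intensity_factor=2.0):
    """Flag windows whose normalised entropy deviates from the baseline mean by
    more than entropy_delta AND whose intensity exceeds intensity_factor times
    the baseline mean. Absolute deviation is deliberate: a flood from a few
    zombies lowers source entropy, a flood with spoofed random sources raises it.
    """
    base = metrics[:baseline_windows]
    base_h = sum(m["entropy"] for m in base) / len(base)
    base_i = sum(m["intensity"] for m in base) / len(base)
    flagged = []
    for m in metrics[baseline_windows:]:
        if abs(m["entropy"] - base_h) > entropy_delta and m["intensity"] > intensity_factor * base_i:
            flagged.append(m["window"])
    return flagged


def constructed_trace():
    """Constructed sample trace (not real data): six one-second windows.

    Every window carries 40 legitimate packets spread evenly over 20 hosts
    (2 each); windows 3 and 4 add a constant-rate flood of 200 packets from
    4 zombies (50 each). Addresses are documentation/private ranges.
    """
    pkts = []
    legit = [f"10.0.{i}.5" for i in range(20)]
    zombies = [f"203.0.113.{i}" for i in range(1, 5)]
    for w in range(6):
        for k in range(40):
            pkts.append((w + k / 40.0, legit[k % 20]))
        if w in (3, 4):
            for k in range(200):
                pkts.append((w + k / 200.0, zombies[k % 4]))
    return pkts


if __name__ == "__main__":
    metrics = window_metrics(constructed_trace())
    for m in metrics:
        print(f"window {m['window']}: {m['intensity']:.0f} pkt/s, "
              f"{m['sources']} sources, H_norm={m['entropy']:.3f}")
    print("flagged windows:", detect(metrics))
```

On the constructed trace the baseline windows sit at normalised entropy 1.0 and 40 pkt/s; the flood windows jump to 240 pkt/s while entropy drops to about 0.55 because four zombies dominate the source distribution, so windows 3 and 4 are flagged and the clean window 5 is not. Requiring both an entropy shift and an intensity rise is what keeps a quiet but unusual window (few sources, low rate) from being reported. The thresholds, baseline length and α are tuning knobs that the paper's evaluation would set from data; the values here are placeholders chosen for the example.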
Related papers
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM) Using Honeypots
The Internet Threat Monitoring (ITM) system is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks and worms. To disable monitoring on the Internet, attackers target the ITM system itself. In this paper we address DDoS flooding attacks against ITM monitors to ...
Traceback of DDoS Attacks Using Entropy Variations
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet: they deny normal service and degrade quality of service. However, network security mechanisms do not have effective and efficient methods to trace back the source of these attacks. In this paper, I propose a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS...
F-STONE: A Fast Real-Time DDoS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding them with packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories: volumetric attacks, protocol attacks and application attacks. The volumetric attack, which the pro...
Tracing Anonymous Mobile Attackers in Wireless Network
In a flooding-based distributed denial-of-service (DDoS) attack, an adversary attempts to exhaust a target’s computing resource. To detect DDoS attacks in a network environment, IP traceback methods are deployed to determine the origin of attack packets. With the increase in bandwidth of wireless networks, attackers may choose this medium from which to launch attacks. However, tracing the attac...
Dynamic Detection and Protection Mechanism against Distributed Denial of Service Attacks using Fuzzy Logic
A DDoS (Distributed Denial of Service) attack floods the network: the attacker directs a large volume of packets at a particular system, sending them from compromised computers, in an effort to make a device or network resource unavailable to its intended users. This paper describes training a DDoS attack detection system to recognize possible attacks on a system. ...
Journal: Security and Communication Networks
Volume 9, issue -
Pages -
Publication date: 2016