Loading…
Detecting DDoS attacks using conditional entropy
Distributed denial of service (DDoS) attacks is one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing approaches to detect DDoS attacks, a novel detection method based on conditional entropy is proposed in this paper. First, a group of...
Saved in:
Main Authors: | , , , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Subjects: | |
Online Access: | Request full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Distributed denial of service (DDoS) attacks is one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing approaches to detect DDoS attacks, a novel detection method based on conditional entropy is proposed in this paper. First, a group of statistical features based on conditional entropy is defined, which is named Traffic Feature Conditional Entropy (TFCE), to depict the basic characteristics of DDoS attacks, such as high traffic volume and Multiple-to-one relationships. Then, a trained support vector machine (SVM) classifier is applied to identify the DDoS attacks. We experiment with the MIT Data Set in order to evaluate our approach. The results show that the proposed method not only can distinguish between attack traffic and normal traffic accurately, but also is more robustness to resist disturbance of background traffic compared with its counterparts. |
---|---|
ISSN: | 2161-9069 |
DOI: | 10.1109/ICCASM.2010.5622759 |