Detection of DDoS attacks and flash events using novel information theory metrics

Distributed Denial of Service (DDoS) is an austere menace to network security. The in-time detection of DDoS attacks poses a stiff challenge to network security professionals. In this paper, the authors initiatively propose using a novel set of information theory metrics called ϕ-Entropy and ϕ-Diver...

Full description

Saved in:
Bibliographic Details
Published in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2017-04, Vol.116, p.96-110
Main Authors: Behal, Sunny, Kumar, Krishan
Format: Article
Language:English
Subjects:
Algorithms
Communications traffic
Datasets
DDoS attacks
Denial of service attacks
Entropy
Entropy (Information theory)
Information divergence
Information theory
Network security
Parameter sensitivity
Security
Security management
Traffic flow
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Distributed Denial of Service (DDoS) is an austere menace to network security. The in-time detection of DDoS attacks poses a stiff challenge to network security professionals. In this paper, the authors initiatively propose using a novel set of information theory metrics called ϕ-Entropy and ϕ-Divergence metrics for detecting DDoS attacks and flash events. The proposed metrics are highly sensitive towards detecting meek variations in the network traffic and elicit more information distance between legitimate and attack traffic flows as compared to existing predominantly used Generalized Entropy (GE) and Generalized Information Divergence (GID) metrics. As part of this work, a generalized detection algorithm has been proposed which uses the entropy difference between traffic flows to detect different types of DDoS attacks and FEs. The proposed detection algorithm has been validated using various publically available datasets of MIT Lincoln, CAIDA, FIFA and synthetically generated DDoSTB dataset in terms of various detection system evaluation parameters.
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2017.02.015