Detecting DDoS attacks using conditional entropy

Detecting DDoS attacks using conditional entropy

Distributed denial of service (DDoS) attacks is one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing approaches to detect DDoS attacks, a novel detection method based on conditional entropy is proposed in this paper. First, a group of...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Yun Liu, Jieren Cheng, Jianping Yin, Boyun Zhang
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Computer crime
conditional entropy
distributed denial of service
Entropy
Feature extraction
IP networks
support vector machine
Support vector machine classification
Training
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Distributed denial of service (DDoS) attacks is one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing approaches to detect DDoS attacks, a novel detection method based on conditional entropy is proposed in this paper. First, a group of statistical features based on conditional entropy is defined, which is named Traffic Feature Conditional Entropy (TFCE), to depict the basic characteristics of DDoS attacks, such as high traffic volume and Multiple-to-one relationships. Then, a trained support vector machine (SVM) classifier is applied to identify the DDoS attacks. We experiment with the MIT Data Set in order to evaluate our approach. The results show that the proposed method not only can distinguish between attack traffic and normal traffic accurately, but also is more robustness to resist disturbance of background traffic compared with its counterparts.
ISSN:2161-9069
DOI:10.1109/ICCASM.2010.5622759