Title :
Entropy based SYN flooding detection
Author :
Arshadi, Laleh ; Jahangir, Amir Hossein
Author_Institution :
Comput. Eng. Dept., Sharif Univ. of Iran, Tehran, Iran
Abstract :
In this paper, we present a novel approach for detecting SYN flooding attacks by investigating the entropy of SYN packet inter-arrival times as a measure of randomness. We argue that normal SYN packets are almost independent, leading to higher values of entropy, while SYN flooding attacks consist of a high volume of related SYN packets, so the entropy of their inter-arrival times would be less than normal. We apply this entropy-based method to different data sets of network traffic in both off-line and real-time modes.
Keywords :
entropy; telecommunication security; telecommunication traffic; SYN flooding attacks; SYN flooding detection; data sets; network traffic; Computer crime; Conferences; Floods; Internet; Intrusion detection; Real time systems; Computer Networks Traffic; SYN Flooding
Conference_Title :
Local Computer Networks (LCN), 2011 IEEE 36th Conference on
Conference_Location :
Bonn
Print_ISBN :
978-1-61284-926-3
DOI :
10.1109/LCN.2011.6115171