• DocumentCode
    2866617
  • Title

    Detecting DDoS attacks using conditional entropy

  • Author

    Liu, Yun ; Yin, Jianping ; Cheng, JieRen ; Zhang, Boyun

  • Author_Institution
    Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China
  • Volume
    13
  • fYear
    2010
  • fDate
    22-24 Oct. 2010
  • Abstract
    Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet. After analyzing the characteristics of DDoS attacks and the existing approaches to detecting them, a novel detection method based on conditional entropy is proposed in this paper. First, a group of statistical features based on conditional entropy, named Traffic Feature Conditional Entropy (TFCE), is defined to depict the basic characteristics of DDoS attacks, such as high traffic volume and multiple-to-one relationships. Then, a trained support vector machine (SVM) classifier is applied to identify the DDoS attacks. We experiment with the MIT Data Set in order to evaluate our approach. The results show that the proposed method not only can distinguish between attack traffic and normal traffic accurately, but also is more robust in resisting disturbance from background traffic compared with its counterparts.
  • Keywords
    Internet; entropy; pattern classification; security of data; statistical analysis; support vector machines; Internet; distributed denial of service attacks; multiple-to-one relationship; statistical features; support vector machine classifier; traffic feature conditional entropy; Computer crime; Entropy; Feature extraction; IP networks; Support vector machine classification; Training; conditional entropy; distributed denial of service; support vector machine;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer Application and System Modeling (ICCASM), 2010 International Conference on
  • Conference_Location
    Taiyuan
  • Print_ISBN
    978-1-4244-7235-2
  • Electronic_ISBN
    978-1-4244-7237-6
  • Type

    conf

  • DOI
    10.1109/ICCASM.2010.5622759
  • Filename
    5622759