DocumentCode :
3090294
Title :
An Entropy Algorithm to Improve the Performance and Protection from Denial-of-Service Attacks in NIDS
Author :
Gandhi, G.M. ; Srivatsa, S.K.
Volume :
1
fYear :
2009
fDate :
28-30 Dec. 2009
Firstpage :
603
Lastpage :
606
Abstract :
Distributed Denial-of-Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The approaches used in the existing defense techniques are based on traffic characteristics such as traffic deviation, attack pattern matching, etc., which may not yield accurate detection and involve high complexity. In this paper, we propose an entropy-based architecture to defend against such distributed denial-of-service attacks. Our architecture includes attack tree construction, attack detection and clustering of alerts. By calculating the predicted entropy for a router, alerts are raised for flows in which the predicted entropy is more than a threshold value. Then the alerts are grouped into different clusters according to their source, target, time and attack-type. It helps to avoid group redundant alerts and to associate alerts that are of the same nature. By simulation results, we show that the proposed architecture improves the detection accuracy and throughput while reducing the alert overhead.
Keywords :
distributed processing; entropy; security of data; NIDS; attack pattern matching; attacks detection; defense techniques; distributed denial-of-service attacks; entropy algorithm; traffic deviation; Computer crime; Educational institutions; Entropy; Ice; Internet; Intrusion detection; Pattern matching; Protection; Roads; Tree graphs; Distributed denial of service attacks; Intruders; attack tree; attack type; router entropy;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer and Electrical Engineering, 2009. ICCEE '09. Second International Conference on
Conference_Location :
Dubai
Print_ISBN :
978-1-4244-5365-8
Electronic_ISBN :
978-0-7695-3925-6
Type :
conf
DOI :
10.1109/ICCEE.2009.266
Filename :
5380175