Deciding Optimal Entropic Thresholds to Calibrate the Detection Mechanism for Variable Rate DDoS Attacks in ISP Domain

Author

Sardana, Anjali ; Joshi, R.C. ; Kim, Tai-Hoon

Author_Institution

IIT Roorkee, Roorkee

fYear

2008

fDate

24-26 April 2008

Firstpage

270

Lastpage

275

Abstract

High bandwidth DDoS attacks consume more resources and have direct impact at ISP level in contrast to low rate DDoS attacks leading to graceful degradation of network and being mostly undetectable. Although an array of detection schemes have been proposed, current requirement is a real time DDoS detection mechanism that adapts itself to varying network conditions to give minimum false alarms. We treat DDoS attacks as events that disturb the distribution of traffic features in ISP domain reflected by entropic variations on in stream samples. Next we propose to calibrate the detection mechanism for minimum false alarm rate by varying tolerance factor in real time. Simulations are carried out in ns-2 at different attack strengths. We also report our experimental results over KDD 99 dataset. Results show that the proposed approach is comparable to previously reported approaches with an advantage of variable rate attack detection and minimum false alarms.

Keywords

Internet; authorisation; ISP domain; Internet service provider; distributed denial of service; entropic variation; minimum false alarm rate; optimal entropic threshold; real time DDoS detection; variable rate DDoS attack; variable rate attack detection; varying network condition; Adaptive arrays; Availability; Bandwidth; Computer crime; Degradation; Distributed computing; Entropy; Information security; Telecommunication traffic; Traffic control; Calibration; DDoS; Entropy; False Alarms; Thresholds;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Security and Assurance, 2008. ISA 2008. International Conference on

Conference_Location

Busan

Print_ISBN

978-0-7695-3126-7

Type

conf

DOI

10.1109/ISA.2008.76

Filename

4511575