Title :
Deciding Optimal Entropic Thresholds to Calibrate the Detection Mechanism for Variable Rate DDoS Attacks in ISP Domain
Author :
Sardana, Anjali ; Joshi, R.C. ; Kim, Tai-Hoon
Author_Institution :
IIT Roorkee, Roorkee
Abstract :
High bandwidth DDoS attacks consume more resources and have direct impact at ISP level in contrast to low rate DDoS attacks leading to graceful degradation of network and being mostly undetectable. Although an array of detection schemes have been proposed, current requirement is a real time DDoS detection mechanism that adapts itself to varying network conditions to give minimum false alarms. We treat DDoS attacks as events that disturb the distribution of traffic features in ISP domain reflected by entropic variations on in stream samples. Next we propose to calibrate the detection mechanism for minimum false alarm rate by varying tolerance factor in real time. Simulations are carried out in ns-2 at different attack strengths. We also report our experimental results over KDD 99 dataset. Results show that the proposed approach is comparable to previously reported approaches with an advantage of variable rate attack detection and minimum false alarms.
Keywords :
Internet; authorisation; ISP domain; Internet service provider; distributed denial of service; entropic variation; minimum false alarm rate; optimal entropic threshold; real time DDoS detection; variable rate DDoS attack; variable rate attack detection; varying network condition; Adaptive arrays; Availability; Bandwidth; Computer crime; Degradation; Distributed computing; Entropy; Information security; Telecommunication traffic; Traffic control; Calibration; DDoS; Entropy; False Alarms; Thresholds;
Conference_Titel :
Information Security and Assurance, 2008. ISA 2008. International Conference on
Conference_Location :
Busan
Print_ISBN :
978-0-7695-3126-7
DOI :
10.1109/ISA.2008.76
