Detect and identify DDoS attacks from flash crowd based on self-similarity and Renyi entropy
| Autor: | XueJing Qin, Ruoyu Yan, Guoyu Xu |
|---|---|
| Rok vydání: | 2017 |
| Předmět: |
Self-similarity
Computer science 020209 energy 020208 electrical & electronic engineering Local area network Denial-of-service attack 02 engineering and technology computer.software_genre Flash crowd Rényi entropy 0202 electrical engineering electronic engineering information engineering False positive paradox Data mining computer |
| Zdroj: | 2017 Chinese Automation Congress (CAC). |
| DOI: | 10.1109/cac.2017.8244075 |
| Popis: | The paper presents an effective identification method for DDoS attacks and flash crowd in the source-end network. As DDoS attack and flash crowd behavior dramatically increase the number of new (or forged) source IP addresses, the method firstly construct a time series by counting the number of new (or forged) IP addresses in the monitored local area network, and use VTP (variance-time plots) method to verify its self-similarity in normal environments. Then, whittle estimator is used to calculate Hurst index and its confidence interval to detect anomalies. Based on the detection results, in order to accurately identify these two network behaviors, the paper further proposes Renyi entropy based method to distinguish DDoS attack from flash crowd according to the characteristic that DDoS attack and flash crowd cause different degrees of dispersion in source IP address. Finally experimental results indicate that this method can not only detect the mutation of network traffic in real time and reduce false positives, but also accurately distinguish DDoS attack from flash crowd in the background of large network traffic. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|