Internet is a worldwide network that combines millions local to global scope, private public, academics, business, optical network technologies, government networks. It carries an expandable range of information resources and services which lead to bulk exchange of traffic over the Internet every day. This excessive popularity creates some troubles in the networks. Among them, Flash Crowd and Distributed Denial of Service (DDoS) attacks are the two major events. Web services needs stability and security from these two concerns. There are some methods that can discriminate DDoS attack from flash crowd and trace the sources of the attack in huge volume of network traffic. However, it is difficult to detect the exact sources of DDoS attacks in network traffic when Flash crowd event is also present. Due to the alikeness of these two anomalies, attacker can easily mimic the malicious flow into legitimate traffic patterns and defence system cannot detect real sources of attack on time. In this paper, entropy variation, a theoretic parameter, is used to discriminate DDoS attack from Flash Crowd and trace the sources of the DDoS attack. Entropy variation is a theoretic concept which is a measure of changes in concentration of distribution of flows at a router for a given time duration. The proposed strategy is effective and efficiently scalable that has several advantages like memory non intensive, minimum overhead in terms of resources and time, and independent of traffic pattern.
展开▼
