Journal: International Journal of Engineering and Technology

Detection and Discrimination of DDoS Attacks from Flash Crowd Using Entropy Variations


Abstract

The Internet is a worldwide network that combines millions of networks of local to global scope: private, public, academic, business, and government networks, along with optical network technologies. It carries an expandable range of information resources and services, which leads to bulk exchange of traffic over the Internet every day. This excessive popularity creates some problems in networks. Among them, flash crowds and Distributed Denial of Service (DDoS) attacks are the two major events. Web services need stability and security against both. Some methods can discriminate a DDoS attack from a flash crowd and trace the sources of the attack in a huge volume of network traffic. However, it is difficult to detect the exact sources of DDoS attacks in network traffic when a flash crowd event is also present. Because the two anomalies are so alike, an attacker can easily make malicious flows mimic legitimate traffic patterns, and the defence system cannot detect the real sources of the attack in time. In this paper, entropy variation, a theoretic parameter, is used to discriminate DDoS attacks from flash crowds and to trace the sources of the DDoS attack. Entropy variation is a theoretic concept that measures changes in the concentration of the distribution of flows at a router over a given time duration. The proposed strategy is effective and efficiently scalable, with several advantages: it is not memory intensive, has minimum overhead in terms of resources and time, and is independent of traffic pattern.