A New Information-Based Heuristic for Distributed DDoS Detection and Mitigation: Distributed and Collaborative DDoS Detection

摘要

In this paper a novel collective method for DDoS detection is introduced. The method is distributed and implemented as a multi-agent system, and where local decision is based on an information-based heuristic, namely the entropy. According the calculated entropy a router exchange data with its neighbors aiming at collectively decide if a DDoS is ongoing or not. Most of the works of the literature that are based on the entropy they have used source addresses. The authors' method is based on the entropy of the distances traveled by the packets, so spoofing IP packets will be hard to perform by hackers. Each router combines its decision with those of its neighbors. Such a collective detection allows to apply defense against the attack despite the victim is out of service or cannot perform DDoS mitigation because the traffic is congested in its neighborhood. Conducted experiments using the platform OMNet++ show the potential of the new method for efficient collaborative and distributed detection and mitigation of DDoS attacks.