Wednesday, October 19, 2011

Traceback of DDoS Attacks Using Entropy Variations


Abstract:
          Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. However, the memoryless feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this paper, we propose a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques. In comparison to the existing DDoS traceback methods, the proposed strategy possesses a number of advantages—it is memory nonintensive, efficiently scalable, robust against packet pollution, and independent of attack traffic patterns. The results of extensive experimental and simulation studies are presented to demonstrate the effectiveness and efficiency of the proposed method. Our experiments show that accurate traceback is possible within 20 seconds (approximately) in a large-scale attack network with thousands of zombies.
Existing system:

          The existing system uses sampled traffic under non-attack conditions to build and maintain caches of the valid source addresses transiting network routers. Under attack conditions, route anomalies are detected by determining which routers have been used for unknown source addresses, in order to construct the attack graph.


Proposed system:
          The proposed system uses an entropy-variation technique to trace back DDoS attacks. The results of extensive experimental and simulation studies are presented to demonstrate the effectiveness and efficiency of the proposed method. Our experiments show that accurate traceback is possible within 20 seconds (approximately) in a large-scale attack network with thousands of zombies.
          The proposed strategy possesses a number of advantages: it is memory nonintensive, efficiently scalable, robust against packet pollution, and independent of attack traffic patterns.
Algorithms:
          Two algorithms are used here: the local flow monitoring algorithm and the IP traceback algorithm.
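As an added illustration of the local flow monitoring idea (this is not the paper's or the project's code), the Python example below computes the Shannon entropy of per-flow packet counts in each time window and flags a window whose entropy falls well below a learned baseline. It assumes that a flow is an (upstream router, destination address) pair, that an attack concentrates traffic into few flows, and a threshold of k standard deviations; all names and the sample windows are constructed.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def flow_entropy(packets):
    """Shannon entropy (bits) of the packet distribution over flows in one window."""
    counts = Counter(packets)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def monitor(windows, train=3, k=3.0, floor=0.05):
    """Learn baseline entropy from the first `train` windows, then flag drops.

    k and floor are assumed tuning values, not taken from the page.
    """
    base = [flow_entropy(w) for w in windows[:train]]
    mu, sigma = mean(base), max(pstdev(base), floor)  # floor avoids a zero-width band
    alerts = []
    for i, w in enumerate(windows[train:], start=train):
        if not w:
            continue  # an idle window carries no flow information
        h = flow_entropy(w)
        if mu - h > k * sigma:  # traffic concentrated into few flows
            flow, n = Counter(w).most_common(1)[0]
            alerts.append({"window": i, "entropy": round(h, 3),
                           "suspect_flow": flow, "share": round(n / len(w), 3)})
    return alerts

# Constructed sample data: a flow is (upstream router, destination address).
FLOWS = [("R1", "10.0.0.5"), ("R2", "10.0.0.5"), ("R3", "10.0.0.9"), ("R1", "10.0.0.9")]

def sample(a, b, c, d):
    """Expand four per-flow packet counts into a list of per-packet flow labels."""
    return [flow for flow, n in zip(FLOWS, (a, b, c, d)) for _ in range(n)]

WINDOWS = [
    sample(25, 25, 25, 25), sample(24, 26, 25, 25), sample(26, 24, 25, 25),  # baseline
    sample(25, 24, 26, 25),    # ordinary traffic, no alert
    sample(25, 400, 25, 25),   # flood arriving via R2 toward 10.0.0.5
    sample(25, 25, 24, 26),    # traffic back to normal
]

if __name__ == "__main__":
    for alert in monitor(WINDOWS):
        print(alert)
```

The upstream router named in `suspect_flow` is the neighbour a traceback request would be passed to next, under the same flow assumption.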

Technologies used:
Software requirements:
Front end: Java

2 comments:

  1. Hi,
    When you said that you have done experiments on Traceback DDoS by entropy variations, what was your topology?

    I understand that you have built your scenario in JAVA???

    I'm studying DDoS detection and Entropy variations can be used for detection? Could you share your code.

    Jo

  2. Hi all,
    I'm studying DDoS detection via Entropy, too.
    Could you share your code with me, please?
    my email: cuongnc92@gmail.com
    Thank you
