Detecting Constant Low-Frequency Application Layer DDoS Attacks Using Collaborative Algorithms

International Journal of Computer Trends and Technology (IJCTT)
© - October Issue 2013 by IJCTT Journal
Volume-4 Issue-10
Year of Publication : 2013
Authors : B. Aravind, M. Lakshmi Narayana


B. Aravind, M. Lakshmi Narayana, "Detecting Constant Low-Frequency Application Layer DDoS Attacks Using Collaborative Algorithms", International Journal of Computer Trends and Technology (IJCTT), V4(10):3437-3443, October Issue 2013. ISSN Published by Seventh Sense Research Group.

Abstract: A DDoS (Distributed Denial of Service) attack is a large-scale distributed attempt by malicious attackers to fill the users' network with a massive number of packets. This exhausts resources such as bandwidth, computing power, etc.; the user can no longer provide services to its clients, and network performance is destroyed. Methods such as hop count filtering, rate limiting and statistical filtering are used for recovery. In this paper, we explore two new information metrics, a generalized entropy metric and an information distance metric. They can detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. The generalized entropy metric can detect attacks several hops earlier than the traditional Shannon metric. The proposed information distance metric outperforms the popular Kullback–Leibler divergence approach because it is able to perfectly enlarge the adjudication distance and so obtains the optimal detection sensitivity. Further, the IP trace back algorithm can find all attackers as well as their attacks through local area networks (LANs) and will delete the attack traffic.
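The comparison the abstract draws (generalized entropy against Shannon entropy, and the information distance against Kullback–Leibler divergence) can be seen numerically in the sketch below, which is an added example and not code from the paper. It assumes the generalized metrics are the Rényi order-alpha entropy and divergence, with the distance taken as the symmetric sum; the per-flow packet counts are constructed sample data.

```python
import math

def normalize(counts):
    """Turn per-flow packet counts into a probability distribution."""
    total = sum(counts)
    if total <= 0:
        raise ValueError("no packets observed")
    return [c / total for c in counts]

def renyi_entropy(p, alpha):
    """Order-alpha entropy in bits; alpha == 1 is the Shannon entropy."""
    p = [x for x in p if x > 0]
    if alpha == 1:
        return -sum(x * math.log2(x) for x in p)
    return math.log2(sum(x ** alpha for x in p)) / (1 - alpha)

def renyi_divergence(p, q, alpha):
    """Order-alpha divergence D(p||q) in bits; alpha == 1 is Kullback-Leibler."""
    if len(p) != len(q) or any(x <= 0 for x in p + q):
        raise ValueError("distributions must share the same non-zero support")
    if alpha == 1:
        return sum(x * math.log2(x / y) for x, y in zip(p, q))
    mixed = sum(x ** alpha * y ** (1 - alpha) for x, y in zip(p, q))
    return math.log2(mixed) / (alpha - 1)

def info_distance(p, q, alpha):
    """Symmetric distance (assumed form): D(p||q) + D(q||p)."""
    return renyi_divergence(p, q, alpha) + renyi_divergence(q, p, alpha)

# Constructed sample: packets per source flow seen at one router in one window.
BASELINE = normalize([100] * 8)           # legitimate traffic only
OBSERVED = normalize([220] + [100] * 7)   # one flow carries a low-rate surplus

def entropy_gap(alpha):
    """Entropy drop between the baseline window and the observed window."""
    return renyi_entropy(BASELINE, alpha) - renyi_entropy(OBSERVED, alpha)

if __name__ == "__main__":
    for alpha in (1, 2, 5):
        print(f"alpha={alpha}: entropy gap={entropy_gap(alpha):.4f} bits, "
              f"distance={info_distance(BASELINE, OBSERVED, alpha):.4f} bits")
```

For the same small shift in the flow distribution, both the entropy gap and the distance grow as alpha rises above 1, which gives a fixed detection threshold more margin than the Shannon and Kullback–Leibler values at alpha = 1.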


Keywords: Attack detection, information metrics, IP trace back, low-rate distributed denial of service (DDoS) attack.