Effective DDoS Attacks Detection Using Generalized Entropy Metric

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2009)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 5574)

Abstract

In information theory, entropies form the basis for distance and divergence measures among various probability densities. In this paper we propose a novel metric to detect DDoS attacks in networks by using the function of order α of the generalized (Rényi) entropy to distinguish DDoS attack traffic from legitimate network traffic effectively. Our proposed approach can not only detect DDoS attacks early (one hop earlier than the Shannon metric when order α=2, and two hops earlier when order α=10) but also clearly reduce both the false positive rate and the false negative rate compared with the traditional Shannon entropy metric approach.
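The Shannon-versus-Rényi comparison in the abstract, as an added illustration that is not code from the paper: the paper's exact metric is not shown on this page, so this sketch assumes a simple entropy-drop detector over the destination addresses seen in one traffic window. The addresses, packet counts and the 0.3-bit threshold are constructed for the example.

```python
import math
from collections import Counter

def renyi_entropy(items, alpha):
    """Rényi entropy of order alpha, in bits, of the empirical distribution
    of `items`. alpha == 1 is handled as the Shannon entropy (the limit)."""
    counts = Counter(items)
    total = sum(counts.values())
    probs = [c / total for c in counts.values()]
    if alpha == 1:
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1 - alpha)

def entropy_drop(baseline, window, alpha):
    """How far the window's entropy falls below the baseline's, in bits."""
    return renyi_entropy(baseline, alpha) - renyi_entropy(window, alpha)

def is_anomalous(baseline, window, alpha, threshold_bits=0.3):
    """Assumed decision rule: flag the window when traffic concentrates on
    few destinations, i.e. the entropy drop exceeds a fixed threshold."""
    return entropy_drop(baseline, window, alpha) > threshold_bits

# Constructed sample data: one destination address per observed packet.
HOSTS = [f"192.0.2.{i}" for i in range(1, 17)]
# Legitimate window: 16 destinations, 10 packets each (uniform, 4 bits).
BASELINE = [h for h in HOSTS for _ in range(10)]
# Low-rate attack window: 30 extra packets aimed at a single destination.
ATTACK = BASELINE + ["192.0.2.1"] * 30

if __name__ == "__main__":
    for alpha in (1, 2, 10):
        name = "Shannon" if alpha == 1 else f"Renyi a={alpha}"
        drop = entropy_drop(BASELINE, ATTACK, alpha)
        flagged = is_anomalous(BASELINE, ATTACK, alpha)
        print(f"{name:<12} drop={drop:.3f} bits  flagged={flagged}")
```

On this constructed window the Shannon drop stays under the threshold while orders 2 and 10 exceed it, because higher orders weight the dominant destination more heavily.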

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, K., Zhou, W., Yu, S., Dai, B. (2009). Effective DDoS Attacks Detection Using Generalized Entropy Metric. In: Hua, A., Chang, SL. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2009. Lecture Notes in Computer Science, vol 5574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03095-6_27

  • DOI: https://doi.org/10.1007/978-3-642-03095-6_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03094-9

  • Online ISBN: 978-3-642-03095-6

  • eBook Packages: Computer Science, Computer Science (R0)
