Entropy-based input-output traffic mode detection scheme for DoS/DDoS attacks
Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service unavailability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries flood a large amou...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Conference or Workshop Item |
| Published: |
2018
|
| Subjects: | |
| Online Access: | https://repository.li.mahidol.ac.th/handle/123456789/28971 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Mahidol University |
| Summary: | Denial-of-service attacks (DoS) and distributed denial-of-service attacks (DDoS) attempt to temporarily disrupt users or computer resources to cause service unavailability to legitimate users in the internetworking system. The most common type of DoS attack occurs when adversaries flood a large amount of bogus data to interfere or disrupt the service on the server. By using a volume-based scheme to detect such attacks, this technique would not be able to inspect short-term denial-of-service attacks, as well as cannot distinguish between heavy load from legitimate users and huge number of bogus messages from attackers. As a result, this paper provides a detection mechanism based on a technique of entropy-based input-output traffic mode detection scheme. The experimental results demonstrate that our approach is able to detect several kinds of denial-of-service attacks, even small spike of such attacks. ©2010 IEEE. |
|---|