International Journal of Computer Network and Information Security(IJCNIS)

ISSN: 2074-9090 (Print), ISSN: 2074-9104 (Online)

Published By: MECS Press

IJCNIS Vol.7, No.8, Jul. 2015

Destination Address Entropy based Detection and Traceback Approach against Distributed Denial of Service Attacks

Full Text (PDF, 1169KB), PP.9-20

Views:148   Downloads:10


Abhinav Bhandari, A.L Sangal, Krishan Kumar

Index Terms

DDoS attacks;data center;entropy;aver-age entropy;differential entropy;traceback


With all the brisk growth of web, distributed denial of service attacks are becoming the most serious issues in a data center scenarios where lot many servers are deployed. A Distributed Denial of Service attack gen-erates substantial packets by a large number of agents and can easily tire out the processing and communication resources of a victim within very less period of time. Defending DDoS problem involved several steps from detection, characterization and traceback in order todomitigation. The contribution of this research paper is a lot more. Firstly, flooding based DDoS problems is detected using obtained packets based entropy approach in a data center scenario. Secondly entropy based traceback method is applied to find the edge routers from where the whole attack traffic is entering into the ISP domain of the data center. Various simulation scenarios using NS2 are depicted in order to validate the proposed method using GT-ITM primarily based topology generators. Information theory based metrics like entropy; average entropy and differential entropy are used for this purpose.

Cite This Paper

Abhinav Bhandari, A.L Sangal, Krishan Kumar,"Destination Address Entropy based Detection and Traceback Approach against Distributed Denial of Service Attacks", IJCNIS, vol.7, no.8, pp.9-20, 2015.DOI: 10.5815/ijcnis.2015.08.02


[1]"Worldwide Infrastructure Security Report," Arbor Networks, 2014.

[2]K. Kumar, R. Joshi and K. Singh, "A Distributed Approach using Entropy to Detect DDoS Attacks in ISP Domain," in Signal Processing, Communications and Networking, 2007. ICSCN '07. International Conference, 2007. 

[3]Y. Chen and K. Hwang, "Collaborative Change Detection of DDoS Attacks on Community and ISP Networks," in Collaborative Technologies and Systems, 2006. CTS 2006. International Symposium, 2006. 

[4]M. Sachdeva and K. Kumar, "A traffic cluster entropy based approach to distinguish DDoS Attacks from flash event using DETER testbed," ISRN Communications and Networking, 2014. 

[5]L. Feinstein, D. Schnackenberg, R. Balupari and D. Kindred, "Statistical approaches to DDoS attack detection and response," in DARPA Information Survivability Conference and Exposition, 2003. Proceedings, 2003. 

[6]L. Wenke and X. Dong, "Information-theoretic measures for anomaly detection," in Security and Privacy IEEE Symposium, 2001. 

[7]Y. chen and K. Hawang, "Collaborative change detection of DDoS attacks on community and ISP networks," in Collaborative Technologies and Systems, CTS IEEE, 2006. 

[8]J.-H. Jun, C.-W. Ahn and S.-H. Kim, "DDoS attack detection by using packet sampling and flow features," in Proceedings of the 29th Annual ACM Symposium on Applied Computing., 2014. 

[9]S. Seongjun, S. Lee, H. Kim and S. Kim, "Advanced probabilistic approach for network intrusion forecasting and detection," Expert Systems with Applications, vol. 40, no. 1, pp. 315-322, 2013. 

[10]H. Rahmani, S. Nabil and K. Farouk, "Joint entropy analysis model for DDoS attack detection." Information Assurance and Securit," in Information Assurance and Security, 2009. IAS'09. Fifth International Conference, 2009. 

[11]G. Yu, A. McCallum and T. Don, "Detecting anomalies in network traffic using maximum entropy estimation," in Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement, 2005. 

[12]S. Oshima, N. Takuo and S. Toshinori, "DDoS detection technique using statistical analysis to generate quick response time," in Broadband, Wireless Computing, Communication and Applications, 2010. 

[13]A. Yaar, A. Perrig and D. Song, "StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense," Selected Areas in Communications, IEEE Journal, vol. 24, no. 10, pp. 1853-1863, 2006. 

[14]A. Belenky and N. Ansari, "On IP traceback," Communications Magazine, IEEE, vol. 41, no. 7, pp. 142-153, 2003. 

[15]T. Baba and S. Matsuda, "Tracing Network Attacks to Their Sources," IEEE Internet Computing, vol. 6, no. 2, pp. 20-26, March/April 2002. 

[16]B. Al-Duwairi and M. Govindarasu, "Novel hybrid schemes employing packet marking and logging for IP traceback," Parallel and Distributed Systems, IEEE Transactions, vol. 17, no. 5, pp. 403-418, 2006. 

[17]K. Kumar, A. Sangal and A. Bhandari, "Traceback techniques against DDOS attacks: A comprehensive review," in Computer and Communication Technology (ICCCT), 2011. 

[18]M. Saleh and A. Manaf, "A Novel Protective Framework for Defeating HTTP-Based Denial of Service and Distributed Denial of Service Attacks," The Scientific World Journal, 2014. 

[19]W. Zhou, W. Jia, S. Wen, Y. Xiang and W. Zhou, "Detection and defense of application-layer DDoS attacks in backbone web traffic," Future Generation Computer Systems, vol. 38, pp. 36-46, 2013. 

[20]T. M. Cover and T. A, Elements of Information Theory, Wiley, 2006. 

[21]S. Yu and W. Zhou, "Entropy-based collaborative detection of DDOS attacks on community networks," in Pervasive Computing and Communications, 2008. PerCom 2008. Sixth Annual IEEE International Conference on. IEEE, 2008. 

[22]B. B. Gupta, M. Misra and R. C. Joshi, "An ISP level solution to combat DDoS attacks using combined statistical based approach."," in arXiv preprint arXiv:1203.2400, 2012. 

[23]A. Bhandari, A. L. Sangal and K. Kumar, "Performance Metrics for Defense Framework against Distributed Denial of Service Attacks," International Journal of Network Security, vol. VI, pp. 38-47, 2014.