
Entropy Based Detection of DDoS Attacks in Packet Switching Network Models

  • Conference paper
Complex Sciences (Complex 2009)

Abstract

Distributed denial-of-service (DDoS) attacks are network-wide attacks that cannot be detected or stopped easily. They affect “natural” spatio-temporal packet traffic patterns, i.e. the “natural distributions” of packets passing through the routers. Thus, they affect the “natural” information entropy profiles, a sort of “fingerprint”, of normal packet traffic. We study whether, by monitoring the information entropy of packet traffic through selected routers, one may detect DDoS attacks or anomalous packet traffic in packet switching network (PSN) models. Our simulations show that the considered DDoS attacks of “ping” type cause shifts in the information entropy profiles of packet traffic monitored even at small sets of routers, and that it is easier to detect these shifts if static routing is used instead of dynamic routing. Thus, network-wide monitoring of the information entropy of packet traffic at properly selected routers may provide a means for detecting DDoS attacks and other anomalous packet traffic.
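The idea in the abstract can be illustrated with a short added example, which is not the authors' code and does not reproduce their PSN simulation. It assumes Shannon entropy over the share of packets seen at each monitored router per time window and a k-sigma test against an attack-free baseline; the router counts, `k` and `min_sigma` are constructed for illustration.

```python
import math
from statistics import mean, stdev

def shannon_entropy(counts):
    """Entropy (bits) of the distribution of packets over monitored routers."""
    total = sum(counts)
    if total == 0:
        return 0.0  # idle window: no packets, no uncertainty
    return -sum((c / total) * math.log2(c / total) for c in counts if c > 0)

def baseline_profile(windows):
    """Mean and standard deviation of entropy over attack-free windows."""
    values = [shannon_entropy(w) for w in windows]
    return mean(values), stdev(values)

def detect_shifts(windows, profile, k=3.0, min_sigma=1e-3):
    """Indices of windows whose entropy lies more than k sigma from baseline."""
    mu, sigma = profile
    sigma = max(sigma, min_sigma)  # guard against a nearly flat baseline
    return [i for i, w in enumerate(windows)
            if abs(shannon_entropy(w) - mu) > k * sigma]

# Constructed sample data: packets seen per time window at 4 monitored routers.
NORMAL = [
    [102, 98, 101, 99],
    [95, 104, 100, 101],
    [99, 97, 106, 98],
    [103, 100, 96, 101],
    [98, 102, 99, 101],
]
# Constructed observation stream: in windows 2 and 3 traffic concentrates
# on the third router (assumed to sit on the path to the flooded host).
OBSERVED = [
    [100, 99, 102, 99],
    [97, 103, 98, 102],
    [101, 98, 420, 100],
    [99, 102, 610, 97],
    [102, 97, 100, 101],
]

if __name__ == "__main__":
    profile = baseline_profile(NORMAL)
    print("baseline entropy: %.4f +/- %.4f bits" % profile)
    for i, w in enumerate(OBSERVED):
        print(i, w, "H=%.4f" % shannon_entropy(w))
    print("anomalous windows:", detect_shifts(OBSERVED, profile))
```

The concentration of packets on one router pulls the entropy well below the near-maximal baseline of about 2 bits for four routers, which is the kind of profile shift the abstract describes.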




Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Lawniczak, A.T., Wu, H., Di Stefano, B. (2009). Entropy Based Detection of DDoS Attacks in Packet Switching Network Models. In: Zhou, J. (eds) Complex Sciences. Complex 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 5. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02469-6_57


  • DOI: https://doi.org/10.1007/978-3-642-02469-6_57

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02468-9

  • Online ISBN: 978-3-642-02469-6

  • eBook Packages: Computer Science, Computer Science (R0)
