DDoS Analysis Using Correlation Coefficient Based on Kolmogorov Complexity

  • Conference paper
Grid and Pervasive Computing (GPC 2013)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7861)

Abstract

This paper describes an approach to detecting distributed denial-of-service (DDoS) attacks that is based on information theory, specifically Kolmogorov complexity. A theorem derived from the principles of Kolmogorov complexity states that the joint complexity of random strings is lower than the sum of the complexities of the individual strings when the strings exhibit some correlation. Kolmogorov complexity itself is not calculable, but various methods exist to estimate it. From the viewpoint of Kolmogorov complexity, we identified the characteristics of DDoS attacks by analyzing many DDoS attack cases. We propose a new method to compute the joint complexity using Deep Packet Inspection (DPI). DPI depends on string matching and regular-expression heuristics that thoroughly inspect packet payloads in search of networked application signatures. As the speed and data volume of ISP backbone links increase rapidly, commodity hardware-based DPI systems face performance bottlenecks and scalability difficulties, which dramatically degrade traffic classification accuracy. This paper introduces a lightweight DPI algorithm for expeditious detection, which can detect the presence of a DDoS attack in the Internet as quickly as possible in order to give people accurate early-warning information and time to react with countermeasures. Furthermore, it increases the accuracy of DDoS detection without decreasing the performance of the network backbone.
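
The theorem in the abstract can be observed with a compression-based estimate. The following is an added example, not the paper's DPI method or code: zlib's compressed length stands in for Kolmogorov complexity, and the score formula, the threshold and both sample windows are constructed assumptions.

```python
import hashlib
import zlib

THRESHOLD = 0.5  # assumed cut-off for this illustration, not a value from the paper

def k_est(data: bytes) -> int:
    """Compressed length in bytes: a computable upper-bound stand-in for K(data)."""
    return len(zlib.compress(data, 9))

def correlation_score(payloads: list[bytes]) -> float:
    """(sum K(x_i) - K(x_1..x_n)) / sum K(x_i); near 0 = unrelated, near 1 = correlated."""
    if len(payloads) < 2:
        return 0.0  # a single string has nothing to correlate with
    individual = sum(k_est(p) for p in payloads)
    joint = k_est(b"".join(payloads))
    return max(0.0, (individual - joint) / individual)

def is_suspicious(payloads: list[bytes]) -> bool:
    """Flag a window whose payloads share far more structure than unrelated data."""
    return correlation_score(payloads) > THRESHOLD

def flood_window(n: int = 20) -> list[bytes]:
    """Constructed sample: one request template repeated with a changing counter."""
    tmpl = ("GET /search?q={:04d} HTTP/1.1\r\nHost: www.example.com\r\n"
            "User-Agent: Mozilla/5.0\r\nAccept: */*\r\n\r\n")
    return [tmpl.format(i).encode() for i in range(n)]

def mixed_window(n: int = 20) -> list[bytes]:
    """Constructed sample: 128-byte pseudo-random payloads with no shared structure."""
    return [b"".join(hashlib.sha256(f"{i}-{j}".encode()).digest() for j in range(4))
            for i in range(n)]

if __name__ == "__main__":
    for name, window in (("flood", flood_window()), ("mixed", mixed_window())):
        print(f"{name}: score={correlation_score(window):.2f} "
              f"suspicious={is_suspicious(window)}")
```

Legitimate traffic also shares protocol headers, so on real captures the threshold has to be calibrated against a baseline of normal windows rather than taken from this sketch.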

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, Sj., Kim, B.C., Lee, J.Y. (2013). DDoS Analysis Using Correlation Coefficient Based on Kolmogorov Complexity. In: Park, J.J.(.H., Arabnia, H.R., Kim, C., Shi, W., Gil, JM. (eds) Grid and Pervasive Computing. GPC 2013. Lecture Notes in Computer Science, vol 7861. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38027-3_47

  • DOI: https://doi.org/10.1007/978-3-642-38027-3_47

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38026-6

  • Online ISBN: 978-3-642-38027-3

  • eBook Packages: Computer Science, Computer Science (R0)