Turkish Journal of Electrical Engineering and Computer Sciences
DOI
10.3906/elk-1706-340
Abstract
Distributed denial of service (DDoS) attacks pose a severe threat to extensively used web-based services and applications. Many detection approaches have been proposed in the literature, but ensuring the security and availability of data, resources, and services to end users remains an ongoing research challenge. Nowadays, the traffic volume of legitimate users has also increased manifold. A flash event (FE) is a high-rate legitimate traffic situation wherein millions of legitimate users start accessing a particular network resource, such as a web server, simultaneously. The detection of DDoS attacks becomes more challenging when DDoS attacks are launched during behaviorally similar FEs. This research paper proposes a generalized detection system for information theory metrics, capable of detecting different types of DDoS attacks and FEs. We used publicly available MIT Lincoln, CAIDA, and FIFA datasets along with a synthetically generated DDoSTB dataset to validate the proposed detection algorithm in terms of various detection system evaluation metrics such as false positive rate, false negative rate, classification rate, and detection accuracy. Such a generalized detection system would be useful to researchers for validating and comparing various solutions based on information theory metrics.
Keywords
DDoS attacks, network security, information theory, flash event, entropy, divergence
First Page
1759
Last Page
1770
Recommended Citation
BEHAL, SUNNY; KUMAR, KRISHAN; and SACHDEVA, MONIKA (2018) "A generalized detection system to detect distributed denial of service attacks and flash events for information theory metrics," Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 26: No. 4, Article 7.
https://doi.org/10.3906/elk-1706-340
Available at:
https://journals.tubitak.gov.tr/elektrik/vol26/iss4/7
Included in
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons