DDoS Detection Technique Using Statistical Analysis to Generate Quick Response Time

2010 International Conference on Broadband, Wireless Computing, Communication and Applications Pub Date : 2010-11-04 DOI:10.1109/BWCCA.2010.153

S. Oshima, T. Nakashima, T. Sueyoshi

{"title":"DDoS Detection Technique Using Statistical Analysis to Generate Quick Response Time","authors":"S. Oshima, T. Nakashima, T. Sueyoshi","doi":"10.1109/BWCCA.2010.153","DOIUrl":null,"url":null,"abstract":"DDoS attacks to servers cause the dysfunctional condition and finally bring the server to be stopped. Previous researches to detect and defense for DDoS attacks have shown that the entropy for the source IP address or destination port number is the effective metric to detect these DoS/DDoS attacks. In the organization incoming the small amount of packets, the window width to calculate an entropy value could be reduced in order to detect attacks early. On the other hand, the small window width leads to the difficulty to set the threshold of entropy value over the small available threshold value area. In this research, we propose the calculation method of the dynamic threshold varying the time sequence. This threshold will be effective on the case of the small window width leading the quick response to the attacks. Our proposed method could be able to early detect in the organization with the small amount of packets. In addition, the proposed calculation is effective for the case using the different IP fields.","PeriodicalId":196401,"journal":{"name":"2010 International Conference on Broadband, Wireless Computing, Communication and Applications","volume":"69 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Broadband, Wireless Computing, Communication and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BWCCA.2010.153","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 21

Abstract

DDoS attacks to servers cause the dysfunctional condition and finally bring the server to be stopped. Previous researches to detect and defense for DDoS attacks have shown that the entropy for the source IP address or destination port number is the effective metric to detect these DoS/DDoS attacks. In the organization incoming the small amount of packets, the window width to calculate an entropy value could be reduced in order to detect attacks early. On the other hand, the small window width leads to the difficulty to set the threshold of entropy value over the small available threshold value area. In this research, we propose the calculation method of the dynamic threshold varying the time sequence. This threshold will be effective on the case of the small window width leading the quick response to the attacks. Our proposed method could be able to early detect in the organization with the small amount of packets. In addition, the proposed calculation is effective for the case using the different IP fields.

查看原文本刊更多论文

基于统计分析的DDoS检测技术，快速响应

对服务器进行DDoS攻击，导致服务器功能异常，最终导致服务器停止运行。以往针对DDoS攻击的检测和防御研究表明，源IP地址或目的端口号的熵值是检测这些攻击的有效指标。在接收少量数据包的组织中，可以减小计算熵值的窗口宽度，以便及早发现攻击。另一方面，较小的窗宽导致难以在较小的可用阈值区域上设置熵值阈值。在本研究中，我们提出了动态阈值随时间序列变化的计算方法。该阈值在窗口宽度较小的情况下有效，从而对攻击做出快速反应。我们提出的方法能够在具有少量数据包的组织中进行早期检测。此外，对于使用不同IP字段的情况，所提出的计算是有效的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 International Conference on Broadband, Wireless Computing, Communication and Applications

自引率

0.00%

发文量