A Distributed Approach using Entropy to Detect DDoS Attacks in ISP Domain

Abstract

DDoS attacks are best detected near the victim's site as maximum attack traffic converges at this point. In most of the current solutions, monitoring and analysis of traffic for DDoS detection have been carried at a single link which connects victim to ISP. However the mammoth volume generated by DDoS attacks pose the biggest challenge in terms of memory and computational overheads. These overheads make DDoS solution itself vulnerable against DDoS attacks. We propose to distribute these overheads amongst all POPs of the ISP using an ISP level traffic feature distribution based approach. An ISP level topology and well known attack tools are used for simulations in ns-2. The comparison with volume based approach clearly indicates the supremacy of the proposed methodology