DDoS Detection Technique Using Statistical Analysis to Generate Quick Response Time
Authors: S. Oshima, T. Nakashima, T. Sueyoshi
Published in: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications (2010-11-04)
DOI: 10.1109/BWCCA.2010.153 (https://doi.org/10.1109/BWCCA.2010.153)
DDoS attacks on servers degrade their function and ultimately bring the server to a halt. Previous research on detecting and defending against DDoS attacks has shown that the entropy of the source IP address or destination port number is an effective metric for detecting these DoS/DDoS attacks. In an organization that receives only a small volume of incoming packets, the window width used to calculate an entropy value could be reduced in order to detect attacks early. On the other hand, a small window width makes it difficult to set the entropy threshold, because the range of usable threshold values is small. In this research, we propose a method for calculating a dynamic threshold that varies over the time sequence. This threshold is effective when the window width is small, which leads to a quick response to attacks. Our proposed method can detect attacks early in an organization with a small volume of packets. In addition, the proposed calculation is effective when different IP fields are used.