基于统计分析的DDoS检测技术，快速响应

2010 International Conference on Broadband, Wireless Computing, Communication and Applications Pub Date : 2010-11-04 DOI:10.1109/BWCCA.2010.153

S. Oshima, T. Nakashima, T. Sueyoshi

{"title":"基于统计分析的DDoS检测技术，快速响应","authors":"S. Oshima, T. Nakashima, T. Sueyoshi","doi":"10.1109/BWCCA.2010.153","DOIUrl":null,"url":null,"abstract":"DDoS attacks to servers cause the dysfunctional condition and finally bring the server to be stopped. Previous researches to detect and defense for DDoS attacks have shown that the entropy for the source IP address or destination port number is the effective metric to detect these DoS/DDoS attacks. In the organization incoming the small amount of packets, the window width to calculate an entropy value could be reduced in order to detect attacks early. On the other hand, the small window width leads to the difficulty to set the threshold of entropy value over the small available threshold value area. In this research, we propose the calculation method of the dynamic threshold varying the time sequence. This threshold will be effective on the case of the small window width leading the quick response to the attacks. Our proposed method could be able to early detect in the organization with the small amount of packets. In addition, the proposed calculation is effective for the case using the different IP fields.","PeriodicalId":196401,"journal":{"name":"2010 International Conference on Broadband, Wireless Computing, Communication and Applications","volume":"69 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":"{\"title\":\"DDoS Detection Technique Using Statistical Analysis to Generate Quick Response Time\",\"authors\":\"S. Oshima, T. Nakashima, T. Sueyoshi\",\"doi\":\"10.1109/BWCCA.2010.153\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"DDoS attacks to servers cause the dysfunctional condition and finally bring the server to be stopped. Previous researches to detect and defense for DDoS attacks have shown that the entropy for the source IP address or destination port number is the effective metric to detect these DoS/DDoS attacks. In the organization incoming the small amount of packets, the window width to calculate an entropy value could be reduced in order to detect attacks early. On the other hand, the small window width leads to the difficulty to set the threshold of entropy value over the small available threshold value area. In this research, we propose the calculation method of the dynamic threshold varying the time sequence. This threshold will be effective on the case of the small window width leading the quick response to the attacks. Our proposed method could be able to early detect in the organization with the small amount of packets. In addition, the proposed calculation is effective for the case using the different IP fields.\",\"PeriodicalId\":196401,\"journal\":{\"name\":\"2010 International Conference on Broadband, Wireless Computing, Communication and Applications\",\"volume\":\"69 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-11-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"21\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 International Conference on Broadband, Wireless Computing, Communication and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/BWCCA.2010.153\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Broadband, Wireless Computing, Communication and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/BWCCA.2010.153","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 21

摘要

对服务器进行DDoS攻击，导致服务器功能异常，最终导致服务器停止运行。以往针对DDoS攻击的检测和防御研究表明，源IP地址或目的端口号的熵值是检测这些攻击的有效指标。在接收少量数据包的组织中，可以减小计算熵值的窗口宽度，以便及早发现攻击。另一方面，较小的窗宽导致难以在较小的可用阈值区域上设置熵值阈值。在本研究中，我们提出了动态阈值随时间序列变化的计算方法。该阈值在窗口宽度较小的情况下有效，从而对攻击做出快速反应。我们提出的方法能够在具有少量数据包的组织中进行早期检测。此外，对于使用不同IP字段的情况，所提出的计算是有效的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

DDoS Detection Technique Using Statistical Analysis to Generate Quick Response Time

DDoS attacks to servers cause the dysfunctional condition and finally bring the server to be stopped. Previous researches to detect and defense for DDoS attacks have shown that the entropy for the source IP address or destination port number is the effective metric to detect these DoS/DDoS attacks. In the organization incoming the small amount of packets, the window width to calculate an entropy value could be reduced in order to detect attacks early. On the other hand, the small window width leads to the difficulty to set the threshold of entropy value over the small available threshold value area. In this research, we propose the calculation method of the dynamic threshold varying the time sequence. This threshold will be effective on the case of the small window width leading the quick response to the attacks. Our proposed method could be able to early detect in the organization with the small amount of packets. In addition, the proposed calculation is effective for the case using the different IP fields.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 International Conference on Broadband, Wireless Computing, Communication and Applications

自引率

0.00%

发文量