{"title":"一种基于IP报文熵值的DoS攻击检测方法","authors":"K. Kurihara, K. Katagishi","doi":"10.1109/AsiaJCIS.2014.20","DOIUrl":null,"url":null,"abstract":"DoS attack is the threat to ICT (Information and communications technology) society. There are many existed detection methods, but countermeasures has been become difficult according to complication of attacks. In conventional methods, entropy-based methods detect attacks using the property of entropy that it enables to estimate increase and decrease of dispersion of header information values, like IP address, by comparing before and after entropy values in time series. In this method, the detection with only one header information is low accuracy, so some or many header information is necessary for accurate detection. Therefore, time for calculating their entropy is needed and the detection method becomes complicated. In this way, requiring some or many header information is the cause of the such problem. So in this paper, we propose the detection method with only 2 header information that is fewer than conventional methods: \"packet arrival time\" and \"source IP address\". First, we analyzed two datasets, calculated entropy values of header information. Second, we extracted common features of DoS attacks between two datasets, proposed the detection method detect that feature. As a result, the proposed method with only 2 header information became simpler than conventional methods. And we was able to distinguish the attack time from the non-attack time clearly.","PeriodicalId":354543,"journal":{"name":"2014 Ninth Asia Joint Conference on Information Security","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"A Simple Detection Method for DoS Attacks Based on IP Packets Entropy Values\",\"authors\":\"K. Kurihara, K. Katagishi\",\"doi\":\"10.1109/AsiaJCIS.2014.20\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"DoS attack is the threat to ICT (Information and communications technology) society. There are many existed detection methods, but countermeasures has been become difficult according to complication of attacks. In conventional methods, entropy-based methods detect attacks using the property of entropy that it enables to estimate increase and decrease of dispersion of header information values, like IP address, by comparing before and after entropy values in time series. In this method, the detection with only one header information is low accuracy, so some or many header information is necessary for accurate detection. Therefore, time for calculating their entropy is needed and the detection method becomes complicated. In this way, requiring some or many header information is the cause of the such problem. So in this paper, we propose the detection method with only 2 header information that is fewer than conventional methods: \\\"packet arrival time\\\" and \\\"source IP address\\\". First, we analyzed two datasets, calculated entropy values of header information. Second, we extracted common features of DoS attacks between two datasets, proposed the detection method detect that feature. As a result, the proposed method with only 2 header information became simpler than conventional methods. And we was able to distinguish the attack time from the non-attack time clearly.\",\"PeriodicalId\":354543,\"journal\":{\"name\":\"2014 Ninth Asia Joint Conference on Information Security\",\"volume\":\"3 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 Ninth Asia Joint Conference on Information Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/AsiaJCIS.2014.20\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 Ninth Asia Joint Conference on Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/AsiaJCIS.2014.20","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Simple Detection Method for DoS Attacks Based on IP Packets Entropy Values
DoS attack is the threat to ICT (Information and communications technology) society. There are many existed detection methods, but countermeasures has been become difficult according to complication of attacks. In conventional methods, entropy-based methods detect attacks using the property of entropy that it enables to estimate increase and decrease of dispersion of header information values, like IP address, by comparing before and after entropy values in time series. In this method, the detection with only one header information is low accuracy, so some or many header information is necessary for accurate detection. Therefore, time for calculating their entropy is needed and the detection method becomes complicated. In this way, requiring some or many header information is the cause of the such problem. So in this paper, we propose the detection method with only 2 header information that is fewer than conventional methods: "packet arrival time" and "source IP address". First, we analyzed two datasets, calculated entropy values of header information. Second, we extracted common features of DoS attacks between two datasets, proposed the detection method detect that feature. As a result, the proposed method with only 2 header information became simpler than conventional methods. And we was able to distinguish the attack time from the non-attack time clearly.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
