Detection and Discrimination of DDoS Attacks from Flash Crowd Using Entropy Variations
Date
2013
Abstract
The Internet is a worldwide network that combines millions of private, public, academic, business,
and government networks of local to global scope, and optical network technologies. It carries an expandable range
of information resources and services, which leads to a bulk exchange of traffic over the Internet every day.
This excessive popularity creates some troubles in the networks. Among them, Flash Crowd and
Distributed Denial of Service (DDoS) attacks are the two major events. Web services need stability and
security against these two concerns. There are some methods that can discriminate a DDoS attack from a flash
crowd and trace the sources of the attack in a huge volume of network traffic. However, it is difficult to
detect the exact sources of DDoS attacks in network traffic when a Flash Crowd event is also present. Due to
the similarity of these two anomalies, an attacker can easily make the malicious flow mimic legitimate traffic
patterns, and the defence system cannot detect the real sources of the attack in time. In this paper, entropy variation,
a theoretic parameter, is used to discriminate a DDoS attack from a Flash Crowd and trace the sources of the
DDoS attack. Entropy variation is a theoretic concept that measures changes in the concentration of the
distribution of flows at a router over a given time duration. The proposed strategy is effective and
efficiently scalable, and it has several advantages: it is not memory intensive, it has minimum overhead in terms of
resources and time, and it is independent of the traffic pattern.
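
The quantity the abstract describes, the change in entropy of the flow distribution at a router between time windows, can be computed as in the following added example, which is not code from the paper. The flow key (source, destination), the 10-second window, the threshold and the packet records are assumptions constructed for illustration; the paper's rule for separating DDoS from Flash Crowd is not given in the abstract and is not implemented here.

```python
import math
from collections import Counter

# Constructed sample: (timestamp_seconds, source, destination) packet records
# seen at one router. Addresses come from documentation ranges, not real hosts.
PACKETS = (
    # background traffic spread over 8 flows for 40 seconds
    [(t, f"198.51.100.{t % 8}", "203.0.113.10") for t in range(0, 40)]
    # from t=20 on, one flow sends 6 packets per second and dominates
    + [(t, "198.51.100.99", "203.0.113.10") for t in range(20, 40) for _ in range(6)]
)

def flow_entropy(counts):
    """Shannon entropy (bits) of each flow's share of the packets in a window."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def entropy_per_window(packets, window):
    """Group packets into fixed windows; return [(window_start, entropy)]."""
    buckets = {}
    for ts, src, dst in packets:
        start = (ts // window) * window
        buckets.setdefault(start, Counter())[(src, dst)] += 1
    return [(start, flow_entropy(buckets[start])) for start in sorted(buckets)]

def entropy_variations(series, threshold):
    """Return [(window_start, delta)] where |H_t - H_(t-1)| exceeds threshold."""
    flagged = []
    for (_, prev), (start, cur) in zip(series, series[1:]):
        delta = cur - prev
        if abs(delta) > threshold:
            flagged.append((start, delta))
    return flagged

if __name__ == "__main__":
    series = entropy_per_window(PACKETS, window=10)
    for start, h in series:
        print(f"window {start:>2}s  entropy {h:.3f} bits")
    # A negative delta means traffic became concentrated in fewer flows.
    print(entropy_variations(series, threshold=1.0))
```

Only per-window flow counters are kept, so memory grows with the number of active flows in a window rather than with the number of packets.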