Home // ICN 2014, The Thirteenth International Conference on Networks // View article

DDoS Attack Detection Using Flow Entropy and Packet Sampling on Huge Networks

Authors:
Jae-Hyun Jun
Dongjoon Lee
Cheol-Woong Ahn
Sung-Ho Kim

Keywords: packet sampling; flow entropy; ddos detection; Network Security

Abstract:
While the increasing number of services available through computer networks is a source of great convenience for users, it raises several concerns, including the threat of hacking and the invasion of user privacy. Hackers can easily block network services by flooding traffic to servers or by breaking through network security, hence causing significant economic loss. It is well know that a Distributed Denial of Service (DDoS) attack, which robs the targeted server of valuable computational resources, is hard to defend against. In order to address and nullify the threat to computer networks from DDoS attacks, an effective detection method is required. Hence, huge networks need an intrusion detection system for real-time detection. In this paper, we propose the flow entropy- and packet sampling-based detection mechanism against DDoS attacks in order to guarantee normal network traffic and prevent DDoS attacks. Our approach is proved to be efficient via OPNET simulation results.

Pages: 185 to 190

Copyright: Copyright (c) IARIA, 2014

Publication date: February 23, 2014

Published in: conference

ISSN: 2308-4413

ISBN: 978-1-61208-318-6

Location: Nice, France

Dates: from February 23, 2014 to February 27, 2014