The Research On DDOS Attacks Detection Based On Entropy

Posted on: 2011-08-25
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhang
GTID: 2178360308469423
Subject: Software engineering

Abstract/Summary:
DDOS attacks constitute one of the major threats and are among the hardest security problems facing today's Internet. By sending huge amounts of reasonable requests to consume most of the network bandwidth or resources, DDOS attacks cause servers to deny requests from legitimate users. Many famous websites such as Yahoo, Amazon and CNN have been shut down by DDOS attacks. In the past few years, as DDOS attacks have developed, new kinds of DDOS attacks have appeared and caused more damage. An Application-Layer DDOS attack can cause much damage with few resources, while a Low-rate DOS (LDOS) attack can attack a target continuously without being detected by a traditional IDS. To cope with LDOS, this paper studies the detection of DDOS attacks based on entropy. Its main tasks are as follows:

Firstly, this paper gives a general overview of current research on DDOS attacks, such as their architecture, features and typical applications; in particular, it gives a detailed introduction to Application-Layer DDOS attacks and Low-rate DOS (LDOS).

Secondly, this paper summarizes current research on approaches to detecting DDOS attacks and introduces many typical detection technologies.

Thirdly, existing research shows that entropy-based DDOS detection is suitable for detecting Low-rate DOS. This paper focuses on this approach and introduces the related theory and algorithms. The problem with this approach is how to determine the most suitable threshold to detect DDOS attacks accurately. To solve this problem, a modified entropy-based (MEB) scheme is proposed, which divides DDOS attacks into different threat levels and treats each threat level with a corresponding method. In contrast to traditional entropy-based approaches, the MEB scheme brings higher precision and a lower false positive rate. We validate the feasibility of this scheme by simulation in NS-2, then test it with the KDD99 data set to validate its effectiveness.

The results of the experiments indicate that the MEB scheme can efficiently detect DDOS attacks with higher precision and a lower false positive rate.
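The threshold problem described in the abstract can be seen in a small added example (not code from the thesis, and not its MEB scheme, whose details are not given on this page): it computes the Shannon entropy of source addresses per packet window and grades the deviation from a learned baseline into tiers instead of using one cut-off. The tier bounds, the function names and the sample windows are assumptions constructed for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def fit_baseline(windows):
    """Mean and standard deviation of entropy over attack-free windows."""
    entropies = [shannon_entropy(w) for w in windows]
    return mean(entropies), pstdev(entropies)

# Assumed tier bounds, in baseline standard deviations (highest first).
TIERS = [(4.0, "attack"), (2.0, "suspicious")]

def classify(window, baseline, tiers=TIERS):
    """Return (label, entropy, z): deviation in either direction counts,
    since a dominant source lowers entropy and spoofed sources raise it."""
    mu, sigma = baseline
    h = shannon_entropy(window)
    z = abs(h - mu) / sigma if sigma > 0 else (0.0 if h == mu else math.inf)
    for bound, label in tiers:
        if z >= bound:
            return label, h, z
    return "normal", h, z

def window_of(*counts):
    """Constructed sample window: source i sends counts[i] packets."""
    return [f"192.0.2.{i + 1}" for i, n in enumerate(counts) for _ in range(n)]

# Constructed attack-free windows of 20 packets from four clients.
BASELINE = fit_baseline([
    window_of(8, 6, 4, 2), window_of(7, 7, 3, 3),
    window_of(9, 5, 4, 2), window_of(6, 6, 5, 3),
])

if __name__ == "__main__":
    samples = {
        "ordinary mix": window_of(8, 6, 3, 3),
        "one source takes half the window": window_of(10, 5, 3, 2),
        "every packet from a new source": window_of(*[1] * 20),
    }
    for name, win in samples.items():
        label, h, z = classify(win, BASELINE)
        print(f"{name}: H={h:.3f} bits, z={z:.2f} -> {label}")
```

A single threshold at the upper bound would miss the middle window, and one at the lower bound would treat it the same as the flood; the graded result is what lets each level be handled differently.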
Keywords/Search Tags: DDOS, Entropy-based, Attacking Detection