DDoS flooding attack detection through a step-by-step investigation

DDoS flooding attack detection through a step-by-step investigation
IEEE 2011
Jae-Hyun Jun, Hyunju Oh, Sung-Ho Kim
102064514 許哲鳴
Page 1/16

Outline
- Introduction
- Principle of entropy
- DDoS attack detection method by using entropy
- The result of experiment
- Conclusion

Introduction
- Distributed Denial of Service (DDoS) flooding attacks call for an efficient, real-time detection method.
- The paper proposes an entropy-based detection mechanism that examines the traffic step by step rather than relying on traffic volume alone.

Entropy
- Entropy H is defined in terms of p_i, the probability mass function, i.e. the chance that value i is observed during the sampling period.
- If entropy decreases, uncertainty decreases: the observations are concentrated on a few values. If entropy increases, the observations are spread over many values.
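The definition the slide refers to, written out here as an added note rather than text from the slides: it is the standard Shannon entropy. The normalised form, and reading $n$ as the number of packets in one time window, are assumptions introduced to relate the thresholds on the later slides, which lie between 0 and 1.

$$H = -\sum_{i=1}^{N} p_i \log_2 p_i, \qquad p_i = \frac{n_i}{n}, \qquad 0 \le H \le \log_2 N,$$

where $n_i$ is the number of the $n$ packets in the window that carry value $i$ (a destination address, or a source port) and $N$ is the number of distinct values seen. The normalised entropy $H_{\text{norm}} = H / \log_2 n$ lies in $[0, 1]$: if all $n$ packets go to a single destination, $p_1 = 1$ and $H = 0$; if each of the $n$ packets carries a different source port, $p_i = 1/n$, $H = \log_2 n$ and $H_{\text{norm}} = 1$. With 8 servers receiving equal shares, $H = \log_2 8 = 3$ bits regardless of $n$.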

DDoS attack detection method by using entropy

Step 1: Volume threshold (T1)
- If the amount of traffic collected during one time window exceeds the volume threshold T1, the window is judged to be at the first danger level and is passed to the next detection step; otherwise it is treated as normal and the remaining steps are not run.

Step 2: Entropy threshold (T2) of the destination IP address
- Entropy decreases when the traffic passing the router is heading to a few particular IP addresses, as it does when a victim is being flooded: danger.
- Entropy increases when the traffic is spread over many destination IP addresses: normal.

Step 3: Entropy threshold (T3) of the transmission (source) port number
- Entropy decreases when the packets use only a few source port numbers: normal.
- Entropy increases when the packets carry many different source port numbers, as flooding tools with randomised or spoofed source ports produce: danger.

Step 4: Packet creation rate threshold (T4)
- Compare the packet creation rate (packets per second) with T4; traffic that passes all four checks is judged to be a DDoS flooding attack.
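One way to run the four steps above over a window of packets, as an added Python example that is not code from the paper or from the slides. The slides say nothing about units or normalisation, so the example assumes Shannon entropy normalised by log2 of the window's packet count, T1 as a packet count per window, and T4 as packets per second toward the most-targeted destination; it reuses the threshold values quoted on the result slides purely to show the cascade. The three traffic windows are constructed, not captured traffic, and the addresses are hypothetical.

```python
"""Step-by-step DDoS flooding detector, as an added illustration of the
four-step method described above (not the paper's code).

Assumptions not stated on the slides:
  * entropy is Shannon entropy in bits, normalised by log2(packets in window),
    so 0 means every packet carried the same value and 1 means every packet
    carried a different one;
  * T1 is a packet count per window and T4 is packets per second toward the
    single most-targeted destination;
  * threshold values are the ones quoted on the result slides, reused only to
    show the cascade; they are not calibrated for any real network.
"""
from collections import Counter
from dataclasses import dataclass
import math

WINDOW_SECONDS = 6  # window length used in the paper's experiment
THRESHOLDS = {"T1": 1500, "T2": 0.4, "T3": 0.8, "T4": 60}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int


def normalized_entropy(values):
    """Shannon entropy of the observed value distribution, scaled to [0, 1]."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)


def inspect_window(packets, th=THRESHOLDS, window=WINDOW_SECONDS):
    """Run the cascade; return (verdict, last step evaluated, metrics seen)."""
    metrics = {"volume": len(packets)}
    # Step 1: volume. Quiet windows never reach the entropy computations.
    if metrics["volume"] <= th["T1"]:
        return "normal", 1, metrics

    # Step 2: destination entropy. A flood collapses traffic onto the victim.
    metrics["h_dst"] = normalized_entropy([p.dst for p in packets])
    if metrics["h_dst"] >= th["T2"]:
        return "normal", 2, metrics

    # Step 3: source-port entropy. Spoofed/random ports push it toward 1.
    metrics["h_sport"] = normalized_entropy([p.sport for p in packets])
    if metrics["h_sport"] <= th["T3"]:
        return "normal", 3, metrics

    # Step 4: packet creation rate toward the most-targeted destination.
    victim, count = Counter(p.dst for p in packets).most_common(1)[0]
    metrics.update({"victim": victim, "pps_to_victim": count / window})
    if metrics["pps_to_victim"] <= th["T4"]:
        return "normal", 4, metrics
    return "attack", 4, metrics


# --- constructed sample windows (synthetic, not captured traffic) ------------
SERVERS = [f"10.0.0.{i}" for i in range(1, 9)]


def quiet_window():
    """240 packets, 24 clients, 8 servers: stays below T1."""
    return [Packet(src=f"192.168.1.{i % 24 + 1}", dst=SERVERS[i % 8],
                   sport=49152 + i % 60) for i in range(240)]


def busy_window():
    """1800 packets to 200 distinct destinations: over T1, but entropy is high."""
    return [Packet(src=f"192.168.{i % 10}.{i % 250 + 1}", dst=f"10.1.{i % 200}.1",
                   sport=49152 + i % 1000) for i in range(1800)]


def flood_window():
    """Quiet background plus 2000 spoofed packets, each with a fresh source
    port, all aimed at one server."""
    flood = [Packet(src=f"203.0.113.{i % 254 + 1}", dst=SERVERS[4],
                    sport=1024 + i) for i in range(2000)]
    return quiet_window() + flood


if __name__ == "__main__":
    for name, win in (("quiet", quiet_window()), ("busy", busy_window()),
                      ("flood", flood_window())):
        verdict, step, m = inspect_window(win)
        print(f"{name:5s}: {verdict} (decided at step {step}) {m}")
```

Running it prints one line per window: the quiet window is dismissed at step 1 without any entropy being computed, the busy window passes at step 2 because its destination entropy is about 0.71, and the flood is caught at step 4 with destination entropy near 0.06, source-port entropy near 0.98 and roughly 338 packets per second toward 10.0.0.5. The order of the checks is what keeps the method cheap: the two entropy computations only run for windows that already exceed T1, and a high-volume window whose traffic is spread over many destinations, such as a busy period across many servers, exits at step 2 rather than being flagged on volume alone.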

The result of experiment
- Normal traffic for a web service was generated, with a time window of 6 seconds, and then a DDoS attack was launched.
- Volume threshold T1 = 1500. Graph: traffic amount flowing into router_5 during the DDoS attack.
- Entropy threshold T2 = 0.4. Graph: entropy of the destination IP addresses of traffic flowing into router_5 when the DDoS attack happens.
- Entropy threshold T3 = 0.8. Graph: entropy of the source port numbers of the traffic judged to be at the second danger level.
- Packet creation rate threshold T4 = 60. Graph: packet creation rate.
- Graph: traffic arriving at the server after applying the entropy-based DDoS attack detection method.

Conclusion
- The entropy-based detection method performs better than detection based on traffic volume alone.
- Detection methods that use entropy deserve further study.