Please use this identifier to cite or link to this item: http://ir.juit.ac.in:8080/jspui/jspui/handle/123456789/5941
Title: Entropy Based Detection for DDoS Attack
Authors: Bansal, Gena
Kaur, Ramanpreet [Guided by]
Keywords: Distributed denial of service
Defense mechanism
Manifestation of attack
Algorithm
Issue Date: 2015
Publisher: Jaypee University of Information Technology, Solan, H.P.
Abstract: Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, sometimes for extended periods of time. The relative ease and low cost of launching such attacks, supplemented by the current inadequate defense mechanisms, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is necessary to monitor network traffic so as to prevent malicious attackers from depleting the resources of the network and denying service to legitimate users. The increasing sophistication of attacks and large, complex networks have made defense challenging. Although a number of techniques have been proposed to defeat DDoS attacks, it is still very hard to detect and respond to DDoS. An important method for DDoS defense is to effectively detect the attack. This report provides an overview of existing DDoS attacks along with the current state of the art of detection mechanisms. My work focuses on simulating a UDP flood based DDoS attack on a dumb-bell topology in the NS2 environment and analyzing the effect of UDP flooding on various performance metrics. Throughput and packet drop rate are analyzed with and without DDoS attacks. Later, the existing statistical techniques, the entropy-based and chi-square approaches, are implemented for DDoS attack detection. The detection mechanism continuously monitors incoming traffic to the server, and any abnormal rise in the inbound traffic is detected using the entropy variation technique. Secondly, the chi-square approach is used to test traffic data against specific distributions. The chi-square goodness-of-fit test can be applied to binned data (i.e., traffic data put into classes), and it tests the hypothesis of whether the traffic data follow a specified distribution or not.
The simulation environment consists of two scenarios: the first with continuous and constant attack traffic, and the second with the attack varying in timing intervals, such as an attack occurring between time intervals 10-20 ms and 40-50 ms. The attack is comparatively easier to detect in the first scenario than in the second because of the frequent variation. Performance evaluation considers the detection rate and the false positive alarm rate.
URI: http://ir.juit.ac.in:8080/jspui//xmlui/handle/123456789/5941
Appears in Collections: B.Tech. Project Reports

Files in This Item:
File: Entropy Based Detection for DDoS Attack.pdf
Size: 1.53 MB
Format: Adobe PDF

