UDP Flooding Attack Detection Using Information Metric Measure
UDP flooding is one of the DDoS attacks most favoured by attackers. Extensive research on other DDoS flooding attacks can be found, but little work exists that deals with UDP flooding attack traffic. Due to the stateless nature of UDP, the attack is difficult to detect and can effectively throttle the victim with unwanted traffic. In this paper, we present a solution to detect UDP flooding attacks based on a generalized entropy information metric, and we also identify the malicious source IP (SIP) addresses carrying out the attack. We conduct our experiment on captured attack traffic, and the results demonstrate that the proposed solution can effectively detect UDP flooding attacks along with the malicious SIP addresses.
Keywords: DDoS, UDP, Information metric, Rényi's entropy, Shannon's entropy
This work is supported by Ministry of Human Resource and Development (MHRD), Government of India, under Frontier Areas of Science and Technology (FAST).
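The abstract describes detection from a generalized (Rényi) entropy metric over traffic features and attribution of the malicious SIP addresses, but the page gives no detail of the computation. The following is an added example, not the paper's code: it computes the normalized Rényi entropy of the source-IP distribution per window of UDP packets, raises an alarm when that entropy departs from a baseline learned on benign windows, and then names the sources that dominate the flagged window. The window size, the order alpha, the tolerance, the share limit and the toy traffic are all assumptions constructed for illustration.

```python
"""Added example: Renyi-entropy detector for UDP floods over source IP addresses.

Every parameter and every packet below is constructed for illustration; none of
it comes from the paper or its traces.
"""
from collections import Counter
import math

# Constructed attacker addresses (TEST-NET-2 range, not real hosts).
ATTACKERS = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]


def renyi_entropy(counts, alpha):
    """Renyi entropy of order alpha (bits) of an empirical distribution.

    alpha == 1 is the Shannon limit; alpha > 1 weights the heavy hitters more,
    which is what makes it sensitive to a few sources dominating a window.
    """
    total = sum(counts.values())
    if total == 0:
        return 0.0
    probs = [c / total for c in counts.values()]
    if alpha == 1.0:
        return -sum(p * math.log2(p) for p in probs if p > 0)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


def normalized_entropy(counts, alpha):
    """Entropy divided by log2(#symbols), so 1.0 means perfectly even spread."""
    n = len(counts)
    if n <= 1:
        return 0.0
    return renyi_entropy(counts, alpha) / math.log2(n)


def sip_counts(packets):
    """Source-IP histogram of the UDP packets in one window."""
    return Counter(p["src"] for p in packets if p["proto"] == "UDP")


def build_baseline(benign_windows, alpha=2.0):
    """Mean normalized entropy over windows known to be benign (assumed available)."""
    values = [normalized_entropy(sip_counts(w), alpha) for w in benign_windows]
    return sum(values) / len(values)


def detect_window(packets, baseline, alpha=2.0, tolerance=0.25, share_limit=0.10):
    """Flag a window whose SIP entropy deviates from the baseline by more than
    `tolerance`; in a flagged window, report sources holding more than
    `share_limit` of the UDP packets as suspects. Thresholds are assumptions."""
    counts = sip_counts(packets)
    h = normalized_entropy(counts, alpha)
    alarm = abs(h - baseline) > tolerance
    suspects = []
    if alarm:
        total = sum(counts.values())
        suspects = sorted(s for s, c in counts.items() if c / total > share_limit)
    return {"entropy": h, "alarm": alarm, "suspects": suspects}


# --- constructed traffic -----------------------------------------------------
def benign_window(n_sources=50, per_source=4):
    """50 legitimate sources sending 4 UDP packets each (constructed)."""
    return [{"src": f"10.0.0.{i % n_sources + 1}", "proto": "UDP"}
            for i in range(n_sources * per_source)]


def attack_window():
    """Same 50 legitimate sources at 1 packet each, plus 3 attackers at 50 each
    (constructed); a TCP packet is included to show it is ignored."""
    pkts = [{"src": f"10.0.0.{i + 1}", "proto": "UDP"} for i in range(50)]
    for atk in ATTACKERS:
        pkts += [{"src": atk, "proto": "UDP"}] * 50
    pkts.append({"src": "10.0.0.1", "proto": "TCP"})
    return pkts


if __name__ == "__main__":
    base = build_baseline([benign_window()])
    for name, win in (("benign", benign_window()), ("attack", attack_window())):
        print(name, detect_window(win, base))
```

With alpha = 2 the attack window scores a normalized entropy of roughly 0.42 against a benign baseline of 1.0, so the deviation test fires and the three heavy hitters are returned; the benign window stays at 1.0 and produces no suspects. Using a deviation in either direction matters because a flood from a few real sources lowers the SIP entropy while a flood with randomly spoofed sources raises it, and the same detector should catch both.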