UDP Flooding Attack Detection Using Information Metric Measure

  • Debojit Boro
  • Himant Basumatary
  • Tribeni Goswami
  • Dhruba K. Bhattacharyya
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 408)


UDP flooding is one of the most pursued DDoS attack among the attackers. Extensive research solutions focused on other DDoS flooding attacks could be found, but little work to deal UDP flooding attack traffic exists. Due to the stateless nature of UDP, the detection of the attack is very difficult and can effectively throttle the victim with unwanted traffic. In this paper, we present a solution to detect UDP flooding attack based on generalized entropy information metric and also determine the malicious source IP (SIP) addresses by carrying out the attack. We conduct our experiment on some captured attack traffic and the results demonstrate that the proposed solution can effectively detect UDP flooding attack along with the malicious SIP addresses.


DDoS UDP Information metric Renyi’s entropy Shannon’s entropy 



This work is supported by Ministry of Human Resource and Development (MHRD), Government of India, under Frontier Areas of Science and Technology (FAST).


  1. 1.
  2. 2.
    The Availability Digests: Surviving DNS DDoS Attack?
  3. 3.
    The Business of Technology (Bits): Hackers Step Up Attacks After Megaupload Shutdown.
  4. 4.
  5. 5.
    Chen, Y., Hwang, K., & Ku, W. S. (2007). Collaborative detection of DDoS attacks over multiple network domains. IEEE Transactions on Parallel and Distributed Systems, 18, 1649–1662.CrossRefGoogle Scholar
  6. 6.
    Chou, J., Lin, B., Sen, S., & Spatscheck, O. (2009). Proactive surge protection: A defense mechanism for bandwidth-based attacks. IEEE/ACM Transactions on Networking, 17, 1711–1723.CrossRefGoogle Scholar
  7. 7.
    Keshariya, A., & Foukia, N. (2010). DDoS defense mechanisms: A new taxonomy. In J. G. Alfaro, G. N. Arribas, N. C. Boulahia, & Y. Roudier (Eds.), Data privacy management and autonomous spontaneous security (Vol. 5939, pp. 222–236)., LNCS Heidelberg: Springer.CrossRefGoogle Scholar
  8. 8.
    Zhang, M., Dusi, M., John, W., & Chen, C. (2009). Analysis of UDP traffic usage on internet backbone links. In 9th Annual International Symposium on Applications and the Internet (SAINT 2009) (pp. 280–281). Seattle: IEEE.Google Scholar
  9. 9.
    Ahmed, E., Mohay, G., Tickle, A., & Bhatia, S. (2010). Use of IP addresses for high rate flooding attack detection. In K. Rannenberg, V. Varadharajan, & W. Christian (Eds.), Security and privacy—silver linings in the cloud (Vol. 330, pp. 124–135)., IFIP Advances in Information and Communication Technology Heidelberg: Springer.CrossRefGoogle Scholar
  10. 10.
    Salem, O., Makke, A., Tajer, J., & Mehaoua, A. (2011). Flooding attacks detection in traffic of backbone networks. In 36th IEEE Conference on Local Computer Networks (pp. 441–449). Bonn: IEEE.Google Scholar
  11. 11.
    Bardas, A. G., Zomlot, L., Sundaramurthy, S. C., Ou, X., Rajagopalan, S. R., & Eisenbarth, M. R. (2012). Classification of UDP traffic for DDoS detection. In 5th USENIX Conference on Large-Scale Exploits and Emergent Threats (pp. 7–7). Berkeley: USENIX Association.Google Scholar
  12. 12.
    Chen, S. W., Wu, J. X., Ye, X. L., & Guo, T. (2013). Distributed denial of service attacks detection method based on conditional random fields. Journal of Networks., 8, 858–865.Google Scholar
  13. 13.
    Preetha, G., Devi, B. S. K., & Shalinie, S. M. (2014). Autonomous agent for DDoS attack detection and defense in an experimental testbed. International Journal of Fuzzy Systems, 16, 520–528.Google Scholar
  14. 14.
    Renyi, A. (1961). On measures of entropy and information. In 4th Berkeley Symposium on Mathematical Statistics and Probability (pp. 547–561). University of California Press.Google Scholar
  15. 15.
    Shannon, C. E. (1948). A mathematical theory of communication. The Bell System Technical Journal, 27, 379–423.CrossRefMathSciNetzbMATHGoogle Scholar
  16. 16.
  17. 17.
  18. 18.

Copyright information

© Springer Science+Business Media Singapore 2016

Authors and Affiliations

  • Debojit Boro
    • 1
  • Himant Basumatary
    • 1
  • Tribeni Goswami
    • 1
  • Dhruba K. Bhattacharyya
    • 1
  1. 1.Department of Computer Science and EngineeringTezpur UniversityTezpurIndia

Personalised recommendations