DDoS Attacks Defense System Using Information Metrics

  • P. C. Senthilmahesh
  • S. Hemalatha
  • P. Rodrigues
  • A. Shanthakumari
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 150)


A Distributed Denial-of-Service (DDoS) attack is a distributed, coordinated attack on the availability of the services of a target system or network, launched indirectly through many compromised computing systems. A low-rate DDoS attack is an intelligent attack in which the attacker sends attack packets to the victim at a sufficiently low rate to elude current anomaly-based detection. An information metric can quantify the differences between network traffic with various probability distributions. In this paper, an anomaly-based approach is proposed that uses two new information metrics, the generalized entropy metric and the information distance metric, to detect low-rate DDoS attacks by measuring the difference between legitimate traffic and attack traffic. The DDoS attack detection metric is combined with an IP traceback algorithm to form an effective collaborative defense mechanism against DDoS attacks.
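The following added example (not code from the paper) shows how such metrics can separate a low-rate attack window from ordinary jitter. It assumes the generalized entropy is the Rényi entropy of order α and the information distance is the symmetric Rényi divergence, since the abstract does not give the formulas; the sample windows, the α values and the threshold are constructed for illustration.

```python
import math
from collections import Counter

def distribution(packets, support, eps=1e-9):
    """Per-source packet share over a fixed support; eps-smoothing keeps the
    divergence finite when a source is missing from one window."""
    counts = Counter(packets)
    total = len(packets) + eps * len(support)
    return [(counts[s] + eps) / total for s in support]

def generalized_entropy(p, alpha):
    """Renyi entropy of order alpha in bits (alpha = 1 is Shannon entropy)."""
    if alpha == 1:
        return -sum(x * math.log2(x) for x in p)
    return math.log2(sum(x ** alpha for x in p)) / (1 - alpha)

def divergence(p, q, alpha):
    """Renyi divergence D_alpha(P||Q) in bits (alpha = 1 is Kullback-Leibler)."""
    if alpha == 1:
        return sum(a * math.log2(a / b) for a, b in zip(p, q))
    s = sum(a ** alpha * b ** (1 - alpha) for a, b in zip(p, q))
    return math.log2(s) / (alpha - 1)

def information_distance(p, q, alpha):
    """Symmetric distance: D_alpha(P||Q) + D_alpha(Q||P)."""
    return divergence(p, q, alpha) + divergence(q, p, alpha)

def is_anomalous(window, baseline, support, alpha=2.0, threshold=0.02):
    """Flag a window whose distance from the baseline exceeds the threshold.
    alpha and threshold are illustrative values, not taken from the paper."""
    p = distribution(baseline, support)
    q = distribution(window, support)
    return information_distance(p, q, alpha) > threshold

# Constructed sample data: 20 sources, packets listed by source address.
SOURCES = [f"10.0.0.{i}" for i in range(1, 21)]
BASELINE = [s for s in SOURCES for _ in range(50)]
# Ordinary jitter: each source sends 48 to 52 packets.
NORMAL = [s for i, s in enumerate(SOURCES) for _ in range(48 + i % 5)]
# Low-rate attack: three sources raise their rate from 50 to 80 packets,
# a 9% rise in total volume that a volume threshold could miss.
ATTACK = [s for i, s in enumerate(SOURCES) for _ in range(80 if i < 3 else 50)]

if __name__ == "__main__":
    p = distribution(BASELINE, SOURCES)
    for name, win in (("normal", NORMAL), ("attack", ATTACK)):
        q = distribution(win, SOURCES)
        for a in (1, 2, 5, 10):
            print(f"{name} alpha={a}: H={generalized_entropy(q, a):.4f} "
                  f"dist={information_distance(p, q, a):.5f}")
        print(name, "flagged:", is_anomalous(win, BASELINE, SOURCES))
```

Raising α widens the gap between the attack window and the baseline, which is the tunable sensitivity that a single Shannon-entropy measure lacks.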


Keywords: Information metrics, IP traceback, Low-rate DDoS attack



Copyright information

© Springer Science+Business Media New York 2013

Authors and Affiliations

  • P. C. Senthilmahesh (1)
  • S. Hemalatha (2)
  • P. Rodrigues (3)
  • A. Shanthakumari (4)

  1. Anna University, Chennai, India
  2. Anna University, Chennai, India
  3. Velammal Engineering College, Chennai, India
  4. Department of Computer Science and Engineering, Arunai Engineering College, Tiruvannamalai, India
