Abstract
Now a days the Internet has become common man’s communication channel and due to that ensuring security at all levels has become tedious.Denial of Service (DoS) attacks have grown to give rise to Distributed Denial of Service (DDoS) attacks. Due to the open access of Internet the software tools for generating bots are easily available. This has increased the span of DDoS. The traditional methods of DDoS detection fail to detect this emerging breed of attacks. In the recent past Shannon entropy analysis has been done for detection of intrusions in the computer network. Shannon entropy however has limitations in failing to detect attacks of very short duration. Generalized form of Non extensive Tsallis entropy has been tested to look into weaknesses of Shannon entropy. Secondly, there has been growth in the area of application of wavelets to signal processing. Because of their inherent nature wavelets beautifully capture the nature of traffic at multiple scales. We have tried to use Daubechies wavelets to measure Tsallis entropy with different moments and have detected the sudden changes induced in the traffic pattern because of DDoS attacks.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
CERT.: Overview of Dos and DDoS attacks, http://www.us-cert.gov/cas/tips/ST04-015.html
Lu, W., Ghorbani, A.A.: Network Anomaly Detection Based on Wavelet Analysis. EURASIP Journal on Advances in Signal Processing 2009, 1–17 (2009)
Alarcon-Aquino, V., Barria, J.A.: Anomaly Detection in Communication networks using wavelets. In: IEE Proceedings-Communications, pp. 355–362 (2001)
Barford, P., Kline, J., Plonka, D., Ron, A.: A signal analysis of network traffic anomalies. In: ACM SIGCOMM Proceedings Internet Measurement Workshop (2002)
Cheng, C.M., Kung, H.T., Tan, K.S.: Use of spectral analysis in defense against DoS attacks. In: IEEE GLOBECOM Proceedings, pp. 2143–2148 (2002)
Limthong, K., Kensuke, F., Watanapongse, P.: Wavelet-Based Unwanted Traffic Time Series Analysis. In: IEEE International Conference on Computer and Electrical Engineering, pp. 445–449 (2008)
Hussain, A., Heidemann, J., Papadopoulos, C.: Identification of repeated denial of service attacks. In: Proceedings of the IEEE Infocom, pp. 1–15 (2006)
Magnaghi, A., Hamada, T., Katsuyama, T.: A Wavelet-Based Framework for Proactive Detection of Network Misconfigurations. In: Proceedings of ACM Workshop on Network Troubleshooting (2004)
He, X., Papadopoulos, C., Heidemann, J., Mitra, U., Riaz, U.: Remote detection of bottleneck links using spectral and statistical methods. In: ACM International Journal of Computer and Telecommunications Networking, pp. 279–298 (2009)
Carl, G., Brooks, R.R., Rai, S.: Wavelet based denial-of-service detection. ELSEVIER Journal on Computers & Security 25, 600–615 (2006)
Hamdi, M., Boudriga, N.: Detecting denial-of service attacks using the wavelet transform. ELSEVIER Computer Communications 30, 3203–3213 (2007)
Xunyi, R., Ruchuan, W., Haiyan, W.: Wavelet analysis method for detection of DDoS attack on the basis of self-similarity. Frontiers of Electrical and Electronic Engineering in China 2(1), 73–77 (2007)
Lu, W., Tavallaee, M., Ghorbani, A.A.: Detecting network anomalies using different wavelet basis functions. In: Proceedings of the Communication Networks and Services Research Conference, pp. 149–156 (2008)
Bartlett, G., Rey, M.D., Heidemann, J., Papadopoulos, C.: Using Low-Rate Flow Periodicities for Anomaly Detection Extended Technical Report ISI-TR-661 (2009)
Leland, W., Taqqu, M., Willinger, W., Wilson, D.: On the self-similar nature of Ethernet traffic. In: Proceedings of ACM SIGCOMM, pp. 183–193 (1993)
Li, L., Lee, G.: DDoS attack detection and wavelets. In: 12th International Conference on Computer Communications and Networks, pp. 421–427 (2003)
Pacheco, J.C.R., Roman, D.T.: Distinguishing fractal noises and motions using Tsallis Wavelet entropies. In: 2010 IEEE Latin/American Conference on Communications, pp. 1–5 (2010)
Abe, S., Suzuki, N.: Itineration of the Internet over Non-equilibrium Stationary States in Tsallis. Statistics in Physical Review E 67 (2003)
Dainotti, A., Pescapé, A., Ventre, G.: Wavelet-based Detection of DoS Attacks. In: IEEE Conference on Global Communications, pp. 1–6 (2006)
Perez, D.G., Zunino, L., Garavaglia, M., Rosso, O.A.: Wavelet entropy and fractional Brownian motion time series. Physica A 365(2), 282–288 (2006)
Karmeshu, Sharma, S.: Power Law and Tsallis Entropy: Network Traffic and Applications. In: Chaos, Nonliniearity and Complexity. STUDFUZZ, vol. 206, pp. 162–178. Springer (2006)
Abry, P., Veitch, D.: Wavelet analysis of long-range dependent trafic. IEEE Transactions on Information Theory 44, 1111–1124 (1998)
Stoev, S., Taqqu, M.S., Park, C., Marron, J.S.: On the Wavelet Spectrum Diagnostic for Hurst Parameter Estimation in the analysis of Internet Trafic. ACM Journal on Computer Networks 48, 423–445 (2005)
Abry, P., Veitch, D., Flandrin, P.: Long-Range Dependence: Revisiting Aggregation with Wavelets. Journal of Time Series Analysis 19(3), 253–266 (1998)
Tellenbach, B., Burkhart, M., Sornette, D., Maillart, T.: Beyond Shannon: Characterizing Internet Traffic with Generalized Entropy Metrics, pp. 239–248. Springer, Berlin (2009)
Mirkovic, J., Hussain, A., Fahmy, S., Reiher, P., Thomas, R.: Accurately Measuring Denial of Service in Simulation and Testbed Experiments. IEEE Transactions on Dependable & Secure Computing 6(2), 81–95 (2009)
Moore, D., Shannon, C., Brown, J.: Code-Red: A case study on the spread and victims of an Internet worm. In: Proceedings of Internet Measurement Workshop (2002)
The Internet Traffic Archives, http://ita.ee.lbl.gov/html/traces.html
Labovitz, C., Johnson, S.I., McPherson, D., Oberheide, J., Jahanian, F.: Internet inter-domain traffic. In: Proceedings of ACM SIGCOMM, vol. 40, pp. 75–86 (2010)
Peng, T., Leckie, C., Ramamohanrao, K.: Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems. ACM Computing Surveys 39(1) (2007)
Roghan, M., Veitch, D., Abry, P.: Real-time estimation of the parameters of long-range dependence. IEEE/ACM Transactions on Networking, 467–478 (2000)
Kuzmanovic, A., Knightly, E.: Low-Rate TCP-Targeted Denial of Service (The Shrew vs. the Mice and Elephants). In: ACM SIGCOMM Proceedings, pp. 75–86 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kaur, G., Saxena, V., Gupta, J.P. (2012). DDoS Detection with Daubechies. In: Parashar, M., Kaushik, D., Rana, O.F., Samtaney, R., Yang, Y., Zomaya, A. (eds) Contemporary Computing. IC3 2012. Communications in Computer and Information Science, vol 306. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32129-0_40
Download citation
DOI: https://doi.org/10.1007/978-3-642-32129-0_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32128-3
Online ISBN: 978-3-642-32129-0
eBook Packages: Computer ScienceComputer Science (R0)