Abstract
This paper explores the nature of threats posed by Distributed Denial of Service (DDoS) attacks on large networks, such as the Internet, emphasizing the need for effective detection and response mechanisms. These mechanisms must be implemented not only at the network edge but also within its core. The paper introduces methods to detect DDoS attacks by analyzing entropy and frequency-sorted distributions of specific packet attributes. Anomalies in these attributes' characteristics serve as indicators of potential DDoS attacks. The proposed methods are evaluated for detection accuracy and performance using live traffic traces collected from diverse network environments, including core Internet nodes and edge networks. Results demonstrate the effectiveness of these methods against current DDoS attacks and provide insights into improving detection capabilities for more sophisticated, stealthier threats. Additionally, the paper describes a detection-response prototype and discusses how the detection system can be extended to support effective response decision-making.
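The two signals named in the abstract, entropy and the frequency-sorted distribution of a packet attribute, can be sketched as follows. This is an added example, not code from the paper: the choice of destination address as the attribute, the fixed packet windows, the baseline-deviation rule with its `k` and `min_std` parameters, and the sample traffic are all assumptions made for illustration.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of one attribute."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def freq_sorted(values):
    """Relative frequencies of attribute values, most frequent first."""
    n = len(values)
    return [c / n for _, c in Counter(values).most_common()]

def detect(windows, baseline_n=3, k=3.0, min_std=0.05):
    """Flag windows whose entropy deviates from the baseline windows.

    Assumed rule (not from the paper): the first baseline_n windows are
    attack-free; later windows are anomalous when |H - mean| > k * std.
    min_std keeps the threshold non-zero for a perfectly flat baseline.
    """
    hs = [entropy(w) for w in windows]
    base = hs[:baseline_n]
    mean = sum(base) / len(base)
    var = sum((h - mean) ** 2 for h in base) / len(base)
    std = max(math.sqrt(var), min_std)
    return [(i, h) for i, h in enumerate(hs)
            if i >= baseline_n and abs(h - mean) > k * std]

# Constructed sample data: destination addresses seen per window
# (RFC 5737 documentation range). Normal windows spread traffic evenly
# over 8 hosts; the last window concentrates traffic on one host.
HOSTS = [f"192.0.2.{i}" for i in range(1, 9)]
NORMAL = [h for h in HOSTS for _ in range(10)]
ATTACK = NORMAL + ["192.0.2.1"] * 720
WINDOWS = [NORMAL, NORMAL, NORMAL, NORMAL, ATTACK]

if __name__ == "__main__":
    for i, h in detect(WINDOWS):
        top = freq_sorted(WINDOWS[i])[0]
        print(f"window {i}: entropy {h:.3f} bits, top destination share {top:.1%}")
```

Destination-address entropy collapses when traffic converges on one victim, and the head of the frequency-sorted distribution shows the same shift as a single dominant value.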