Abstract
High bandwidth DDoS attacks consume more resources and have direct impact at ISP level in contrast to low rate DDoS attacks which lead to graceful degradation of network and are mostly undetectable. Although an array of detection schemes have been proposed, current requirement is a real time DDoS detection mechanism that adapts itself to varying network conditions to give minimum false alarms. DDoS attacks that disturb the distribution of traffic features in ISP domain are reflected by entropic variations on in stream samples. We propose honeypot detection for attack traffic having statistically similar distribution features as legitimate traffic. Next we propose to calibrate the detection mechanism for minimum false alarm rate by varying tolerance factor in real time. Simulations are carried out in ns-2 at different attack strengths. We also report our experimental results over MIT Lincoln lab dataset and its subset KDD 99 dataset. Results show that the proposed approach is comparable to previously reported approaches with an advantage of variable rate attack detection with minimum false positives and negatives.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
