Detecting DoS attacks using packet size distribution

Ping Du; Shunji Abe

2nd International ICST Conference on Bio-Inspired Models of Network, Information, and Computing Systems

Research Article

Detecting DoS attacks using packet size distribution

Download764 downloads

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.4108/ICST.BIONETICS2007.2406,
    author={Ping Du and Shunji Abe},
    title={Detecting DoS attacks using packet size distribution},
    proceedings={2nd International ICST Conference on Bio-Inspired Models of Network, Information, and Computing Systems},
    proceedings_a={BIONETICS},
    year={2008},
    month={8},
    keywords={Attack detection  Denial of service attack  Network security},
    doi={10.4108/ICST.BIONETICS2007.2406}
}

Ping Du
Shunji Abe
Year: 2008
Detecting DoS attacks using packet size distribution
BIONETICS
ICST
DOI: 10.4108/ICST.BIONETICS2007.2406

Ping Du¹^,*, Shunji Abe¹^,*

1: National Institute of Informatics, Tokyo, Japan

*Contact email: duping@nii.ac.jp, abe@nii.ac.jp

Abstract

Enabling early detection of Denial of service (DoS) attacks in network traffic is an important and challenging task because DoS attacks have become one of the most serious threats to the Internet. In this paper, we develop an IP packet size entropy (IPSE)-based DoS detection scheme in which the entropy is markedly changed when traffic is affected by an attack. Through our analysis, we find that the IPSE-based scheme is capable of detecting not only long-term attacks but also short-term attacks that are beyond the volume-based schemespsila ability to detect.

Keywords: Attack detection Denial of service attack Network security

Published: 2008-08-29
Modified: 2011-07-11

: http://dx.doi.org/10.4108/ICST.BIONETICS2007.2406