Traceback of DDoS attacks using entropy variations

Research output: Journal Publications and Reviews (RGC: 21, 22, 62) > 21_Publication in refereed journal

105 Scopus Citations

Author(s)

  • Shui Yu
  • Wanlei Zhou
  • Robin Doss
  • Weijia Jia


Detail(s)

Original language: English
Article number: 5467062
Pages (from-to): 412-425
Journal / Publication: IEEE Transactions on Parallel and Distributed Systems
Volume: 23
Issue number: 3
Publication status: Published - 2012

Abstract

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. However, the memoryless feature of the Internet routing mechanisms makes it extremely hard to trace back to the source of these attacks. As a result, there is no effective and efficient method to deal with this issue so far. In this paper, we propose a novel traceback method for DDoS attacks that is based on entropy variations between normal and DDoS attack traffic, which is fundamentally different from commonly used packet marking techniques. In comparison to the existing DDoS traceback methods, the proposed strategy possesses a number of advantages: it is memory nonintensive, efficiently scalable, robust against packet pollution, and independent of attack traffic patterns. The results of extensive experimental and simulation studies are presented to demonstrate the effectiveness and efficiency of the proposed method. Our experiments show that accurate traceback is possible within 20 seconds (approximately) in a large-scale attack network with thousands of zombies. © 2011 IEEE.

Research Area(s)

  • DDoS, entropy variation, flow, IP traceback

Citation Format(s)

Traceback of DDoS attacks using entropy variations. / Yu, Shui; Zhou, Wanlei; Doss, Robin; Jia, Weijia.

In: IEEE Transactions on Parallel and Distributed Systems, Vol. 23, No. 3, 5467062, 2012, p. 412-425.
