What is it about?

Denial-of-service (DoS) attacks are an important issue in today's Internet, causing damage to organizations that depend on their online presence. In this paper we investigate the use of flow size distribution (FSD) for entropy-based detection of DoS attacks. FSD is the distribution of the sizes of IP packet flows. The performance of FSD-based detection is compared to the performance of detection based on the distribution of addresses of IP packets.
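As an added illustration (not code from the paper or its author), the sketch below computes both entropies over a window of packets and compares each with a baseline window. The 5-tuple flow key, flow size counted in packets, the use of the source address, the 1-bit threshold and the sample traffic are all assumptions made for this example.

```python
import math
from collections import Counter

def entropy(counts):
    """Shannon entropy in bits of the empirical distribution given by counts."""
    counts = [c for c in counts if c]
    total = sum(counts)
    # "+ 0.0" turns the -0.0 / integer 0 of degenerate inputs into plain 0.0
    return -sum(c / total * math.log2(c / total) for c in counts) + 0.0

def fsd_entropy(packets):
    """Entropy of the flow size distribution: P(size = k) taken over flows."""
    flow_sizes = Counter(packets)             # packets per flow (5-tuple key)
    size_hist = Counter(flow_sizes.values())  # number of flows of each size
    return entropy(size_hist.values())

def addr_entropy(packets):
    """Entropy of the source address distribution, taken over packets."""
    return entropy(Counter(p[0] for p in packets).values())

def detect(baseline, window, feature, threshold=1.0):
    """Flag a window whose feature entropy moves more than `threshold` bits
    away from the baseline window (threshold value is an assumption)."""
    delta = feature(window) - feature(baseline)
    return abs(delta) > threshold, delta

def flow(src, sport, n):
    """n packets of one flow: (src, dst, sport, dport, proto)."""
    return [(src, "192.0.2.10", sport, 80, "tcp")] * n

# Constructed sample data (documentation address ranges, not real traffic).
# Baseline: 8 clients, one flow each, with flow sizes of 1..8 packets.
BASELINE = [p for i in range(8)
            for p in flow(f"198.51.100.{i + 1}", 40000 + i, i + 1)]
# Flood window: the same traffic plus 200 single-packet flows, each from a
# different source address.
ATTACK = BASELINE + [p for i in range(200)
                     for p in flow(f"203.0.113.{i + 1}", 50000 + i, 1)]

if __name__ == "__main__":
    for name, feature in (("FSD", fsd_entropy), ("address", addr_entropy)):
        flagged, delta = detect(BASELINE, ATTACK, feature)
        print(f"{name:8s} baseline={feature(BASELINE):.3f} "
              f"window={feature(ATTACK):.3f} delta={delta:+.3f} "
              f"flagged={flagged}")
```

On this constructed input the FSD entropy falls while the address entropy rises; the sample says nothing about the detection rates or delays measured in the paper.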

Why is it important?

Our findings show that, with respect to the detection rate, the performance of the flow size distribution (FSD) based detector is superior to the performance of the detector based on the distribution of addresses of IP packets. With respect to the detection delay, the two detectors perform similarly.

Perspectives

The flow size distribution has been considered as an information source for entropy-based DoS detection for some time already, but simple packet distributions (most notably IP addresses) are still very much used as the primary source in research. In this paper we compare the performance of the two detection methods.

Dr Ilija Basicevic
University of Novi Sad

Read the Original

This page is a summary of: The value of flow size distribution in entropy-based detection of DoS attacks, Security and Communication Networks, November 2015, Wiley, DOI: 10.1002/sec.1391.