Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
An Entropy based DDoS detection method and implementation
Download
index.pdf
Date
2019
Author
Yücebaş, Süleyman Fürkan
Metadata
Show full item record
This work is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License
.
Item Usage Stats
267
views
205
downloads
Cite This
Distributed Denial of Service (DDoS) is a cyber attack type involving multiple computer sources which aims to temporarily or permanently deactivate the service provided by a device. This attack type has been listed multiple times as the most used attack types and has a great portion in all types of cyber attacks. Also, these attacks are increasing day by day and poses a threat for cyber security ecosystem. In today's world, these attacks target worldwide organizations and cause them to suffer. DDoS attacks are easy to employ but hard to prevent. There are various methods to decrease the impact of attacks but none of them are exact solutions. With further research about DDoS detection approaches, it is observed that, methods using statistical approaches have better performance than other approaches. In this thesis, we describe an entropy based detection method and implement our method on software defined networks (SDN). The performance of the method is evaluated for various attack types. We propose the use of multiple entropy values and a novel alarm determination based on these entropy values. We conducted a series of experiments with real datasets for four different attack types to evaluate our method. We compare the effectiveness of our entropy parameter selection (5 single attributes and 10 pair of attributes) to entropy calculation with all 3 elements and 4 elements subsets. The results show that our method detects most common attack types at very early stages.
Subject Keywords
Software-defined networking (Computer network technology).
,
DoS
,
DDoS
,
SDN
,
entropy
,
detection methods.
URI
http://etd.lib.metu.edu.tr/upload/12624825/index.pdf
https://hdl.handle.net/11511/45540
Collections
Graduate School of Informatics, Thesis
Suggestions
OpenMETU
Core
A Hybrid Approach to Detect DDoS Attacks Using KOAD and the Mahalanobis Distance
Daneshgadeh, Salva; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (2018-11)
Distributed Denial of Service (DDoS) attacks continue to adversely affect internet-based services and applications. Various approaches have been proposed to detect different types of DDoS attacks. The computational and memory complexities of most algorithms, however prevent them from being employed in online manner. In this paper, we propose a novel victim end online DDoS attack detection framework based on the celebrated Kernel-based Online Anomaly Detection (KOAD) algorithm and the Mahalanobis distance. W...
An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined
Daneshgadeh, Salva; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (2019-01-01)
In the world of internet and communication technologies where our personal and business lives are inextricably tied to internet enabled services and applications, Distributed Denial of Service (DDoS) attacks continue to adversely affect the availability of these services and applications. Many frameworks have been presented in academia and industry to predict, detect and defend against DDoS attacks. The available solutions try to protect online services from DDoS attacks, but as yet there is no best-practic...
A classification approach for adaptive mitigation of SYN flood attacks Preventing performance loss due to SYN flood attacks
Degirmencioglu, Alptugay; Erdogan, Hasan Tugrul; Mizani, Mehrdad A.; Yilmaz, Oguz (2016-04-29)
SYN flood is a commonly used Distributed Denial of Service (DDoS) attack. SYN flood DDoS attacks consume considerable amount of resources in the target machine. Even with straightforward mitigation solutions, any attack causes resource waste and performance loss in the server, rendering it unable to provide service to legitimate clients. We propose an approach for SYN flood attack mitigation based on supervised learning classification methods which identify and block SYN flood traffic before they reach thei...
A faster intrusion detection method for high-speed computer networks
Tarım, Mehmet Cem; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2011)
The malicious intrusions to computer systems result in the loss of money, time and hidden information which require deployment of intrusion detection systems. Existing intrusion detection methods analyze packet payload to search for certain strings and to match them with a rule database which takes a long time in large size packets. Because of buffer limits, packets may be dropped or the system may stop working due to high CPU load. In this thesis, we investigate signature based intrusion detection with sig...
A simple and effective mechanism for stored video streaming with TCP transport and server-side adaptive frame discard
Gurses, E; Akar, Gözde; Akar, N (Elsevier BV, 2005-07-15)
Transmission control protocol (TCP) with its well-established congestion control mechanism is the prevailing transport layer protocol for non-real time data in current Internet Protocol (IP) networks. It would be desirable to transmit any type of multimedia data using TCP in order to take advantage of the extensive operational experience behind TCP in the Internet. However, some features of TCP including retransmissions and variations in throughput and delay, although not catastrophic for non-real time data...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
S. F. Yücebaş, “An Entropy based DDoS detection method and implementation,” Thesis (M.S.) -- Graduate School of Informatics. Cyber Security., Middle East Technical University, 2019.