DDoS Detection with Information Theory Metrics and Netflows - A Real Case

Domenico Vitali; Antonio Villani; Angelo Spognardi; Roberto Battistoni; Luigi V. Mancini

doi:10.5220/0004064501720181

DDoS Detection with Information Theory Metrics and Netflows - A Real Case

Domenico Vitali, Antonio Villani, Angelo Spognardi, Roberto Battistoni, Luigi V. Mancini

2012

Abstract

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) constitute one of the main issues for critical Internet services. The widespread availability and simplicity of automated stressing tools has also promoted the voluntary participation to extensive attacks against known websites. Today the most effective (D)DoS detection schemes are based on information theory metrics, but their effectiveness is often evaluated with synthetic network traffic. In this work we present a comparison of the main metrics proposed in the literature carried on a huge dataset formed by real netflows. This comparison considers the ability of each metric to detect (D)DoS attacks at an early stage, in order to launch effective and timely countermeasures. The evaluation is based on a large dataset, collected from an Italian transit tier II Autonomous System (AS) located in Rome. This AS network is connected to all the three main network infrastructures present in Italy (Commercial, Research and Public Administration networks), and to several international providers (even for Internet transit purposes). Many attempted attacks to Italian critical IT infrastructures can be observed inside the network traffic of this AS. Several publicly declared attacks have been traced and many other malicious activities have been found by ex-post analysis.

Download

Paper Citation

in Harvard Style

Vitali D., Villani A., Spognardi A., Battistoni R. and V. Mancini L. (2012). DDoS Detection with Information Theory Metrics and Netflows - A Real Case . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 172-181. DOI: 10.5220/0004064501720181

in Bibtex Style

@conference{secrypt12,
author={Domenico Vitali and Antonio Villani and Angelo Spognardi and Roberto Battistoni and Luigi V. Mancini},
title={DDoS Detection with Information Theory Metrics and Netflows - A Real Case},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={172-181},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004064501720181},
isbn={978-989-8565-24-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - DDoS Detection with Information Theory Metrics and Netflows - A Real Case
SN - 978-989-8565-24-2
AU - Vitali D.
AU - Villani A.
AU - Spognardi A.
AU - Battistoni R.
AU - V. Mancini L.
PY - 2012
SP - 172
EP - 181
DO - 10.5220/0004064501720181