http://dx.doi.org/10.13089/JKIISC.2010.20.4.63

An Effective Feature Generation Method for Distributed Denial of Service Attack Detection using Entropy  

Kim, Tae-Hun (Graduate School of Information Management and Security, Korea University)
Seo, Ki-Taek (Graduate School of Information Management and Security, Korea University)
Lee, Young-Hoon (Graduate School of Information Management and Security, Korea University)
Lim, Jong-In (Graduate School of Information Management and Security, Korea University)
Moon, Jong-Sub (Graduate School of Information Management and Security, Korea University)
Abstract
Malicious bot programs, the source of distributed denial of service (DDoS) attacks, are widespread, and the number of PCs infected by them has been growing geometrically. DDoS attacks are launched continuously through these bot PCs, and several cases of financial damage have been reported recently. Research on responding to DDoS attacks is therefore necessary, and we propose an effective feature generation method for DDoS attack detection using entropy. In this paper, we apply the method both to the DARPA 2000 data set and to DDoS attack data sets that we composed and generated ourselves on a general university network. We then evaluate the usefulness of the proposed method by classification with a Bayesian network classifier.
Keywords
distributed denial of service attack; feature generation; entropy;
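The abstract names entropy as the basis of its features but does not define them on this page. The following is an added illustration, not the paper's method or code, of the usual construction such work starts from: for every fixed-width time window, the normalized Shannon entropy of several packet header fields plus the packet count, compared against a clean-traffic baseline. The packet generators, the one-second window, the chosen fields and the z-score threshold are all assumptions made for the example (the paper evaluates with a Bayesian network classifier, which the threshold check stands in for). It shows why more than one field is needed: a flood from spoofed random sources does not lower source-address entropy at all, whereas destination-address and port entropy collapse in both the single-source and the spoofed case.

```python
"""Entropy-based window features for DDoS detection (added illustration).

Assumed feature definition: per fixed-width time window, the normalized Shannon
entropy of several header fields plus the packet count. Traffic generators,
window width and threshold are constructed for this example; none of it comes
from the paper or from the DARPA 2000 data.
"""
import math
import random
from collections import Counter


def shannon_entropy(values):
    """H(X) = -sum_x p(x) log2 p(x) over the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def normalized_entropy(values):
    """Scale H to [0, 1]: 0 when every packet carries the same value,
    1 when every packet carries a distinct value (H = log2 n)."""
    n = len(values)
    if n <= 1:
        return 0.0
    return shannon_entropy(values) / math.log2(n)


FIELDS = ("src", "dst", "dport", "size")  # assumed header fields


def windows(packets, width):
    """Group packets into fixed-width time windows (width in seconds)."""
    buckets = {}
    for p in packets:
        buckets.setdefault(int(p["t"] // width), []).append(p)
    return [buckets[k] for k in sorted(buckets)]


def window_features(packets):
    """One feature vector per window: normalized entropy per field + packet count."""
    feats = {f: normalized_entropy([p[f] for p in packets]) for f in FIELDS}
    feats["count"] = len(packets)
    return feats


def baseline(rows):
    """Per-feature mean and standard deviation over attack-free windows."""
    stats = {}
    for k in rows[0]:
        vals = [r[k] for r in rows]
        mu = sum(vals) / len(vals)
        sd = math.sqrt(sum((v - mu) ** 2 for v in vals) / len(vals))
        stats[k] = (mu, sd)
    return stats


def flag(feats, stats, z=6.0, floor=0.02):
    """Names of features more than z standard deviations from the baseline.
    `floor` keeps a near-constant training feature from flagging on noise.
    A deliberately simple stand-in for the paper's Bayesian network classifier."""
    return [k for k, v in feats.items()
            if abs(v - stats[k][0]) > z * max(stats[k][1], floor)]


# --- constructed traffic, not real captures ---------------------------------

def normal_traffic(rng, t0, seconds, pps=50):
    """Background: many clients, 20 servers, a few ports and packet sizes."""
    return [{"t": t0 + i / pps,
             "src": f"10.1.{rng.randint(0, 15)}.{rng.randint(1, 254)}",
             "dst": f"192.0.2.{rng.randint(1, 20)}",
             "dport": rng.choice([22, 25, 53, 80, 443]),
             "size": rng.choice([60, 120, 576, 1500])}
            for i in range(seconds * pps)]


def flood_traffic(rng, t0, seconds, spoofed, pps=500):
    """Flood of identical 60-byte packets at one server and port, from one bot
    (spoofed=False) or from random spoofed source addresses (spoofed=True)."""
    def src():
        if not spoofed:
            return "198.51.100.7"
        return ".".join(str(rng.randint(1, 254)) for _ in range(4))
    return [{"t": t0 + i / pps, "src": src(), "dst": "192.0.2.10",
             "dport": 80, "size": 60}
            for i in range(seconds * pps)]


def run_scenario(spoofed, seed=7):
    """Train on 20 s of clean traffic, then score 10 s of traffic carrying a
    3 s flood from t=4. Returns [(window_index, flagged_feature_names), ...]."""
    rng = random.Random(seed)
    stats = baseline([window_features(w)
                      for w in windows(normal_traffic(rng, 0, 20), 1.0)])
    pkts = normal_traffic(rng, 0, 10) + flood_traffic(rng, 4, 3, spoofed)
    pkts.sort(key=lambda p: p["t"])
    return [(i, flag(window_features(w), stats))
            for i, w in enumerate(windows(pkts, 1.0))]


if __name__ == "__main__":
    for spoofed in (False, True):
        print("spoofed sources:" if spoofed else "single source:")
        for i, hits in run_scenario(spoofed):
            print(f"  window {i}: {hits or 'normal'}")
```

Running it prints windows 4 to 6 as anomalous in both scenarios; in the single-source run `src` is among the flagged features, in the spoofed run it is not, while `dst`, `dport`, `size` and `count` are flagged in both. Normalizing by log2 of the window's packet count is what lets the entropy of a 50-packet and a 550-packet window sit on the same scale; without it, a traffic surge alone would shift every entropy feature.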
Citations & Related Records
Times cited by KSCI: 2
References
1 M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann and I.H. Witten, "The WEKA data mining software," SIGKDD Explorations, vol. 11, no. 1, pp. 10-18, Jun. 2009.
2 S.T. Brugger and J. Chow, "An assessment of the DARPA IDS evaluation dataset using Snort," UC Davis Department of Computer Science, May 2007.
3 M.H. Lee and C.H. Ryu, "Internet and security issue," National Internet Development Agency of Korea, vol. 1, Sep. 2009.
4 C.E. Shannon and W. Weaver, "The mathematical theory of communication," University of Illinois Press, 1963.
5 L. Feinstein and D. Schnackenberg, "Statistical approaches to DDoS attack detection and response," IEEE Computer Society, 2003.
6 L. Li and J. Zhou, "DDoS attack detection algorithms based on entropy computing," ICICS 2007, pp. 452-466, 2007.
7 K.S. Lee, J.H. Kim and K.H. Kwon, "DDoS attack detection method using cluster analysis," Expert Systems with Applications, vol. 34, 2008.
8 J.H. Ward Jr., "Hierarchical grouping to optimize an objective function," Journal of the American Statistical Association, vol. 58, pp. 236-244, Mar. 1963.
9 G.J. Park, "Internet security incident trends and analysis," Korea Internet Security Center, Dec. 2009.
10 M. McDowell, "Understanding denial of service attacks," US-CERT, Cyber Security Tip ST04-015, Nov. 2004.
11 MIT/LL 2000 DARPA Intrusion Detection Scenario Specific Data Sets, http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/2000data.html
12 T.H. Kim and D.S. Kim, "Detecting DDoS attacks using dispersible traffic matrix and weighted moving average," Advances in Information Security and Assurance, pp. 290-300, Jun. 2009.
13 B. Cha and D. Lee, "Network-based anomaly intrusion detection improvement by Bayesian network and indirect relation," Lecture Notes in Computer Science, pp. 141-148, Sep. 2007.
14 S. Benferhat and K. Tabia, "Novel and anomalous behavior detection using Bayesian network classifiers," International Conference on Security and Cryptography, 2008.
15 C.K. Han and H.K. Choi, "An anomalous event detection system based on information theory," Korean Institute of Information Scientists and Engineers, Information Communication, vol. 36, no. 3, Jun. 2009.
16 SAS Institute Inc., "Cubic clustering criterion," SAS Technical Report A-108, 56 pp., Nov. 1983.
17 C.H. Park, "Efficient linear and nonlinear feature extraction and its application to fingerprint classification," University of Minnesota, 129 pp., 2004.
18 M.H. Chung, J.I. Cho, S.Y. Chae and J.S. Moon, "An efficient method for detecting denial of service attacks using kernel based data," Journal of the Korea Institute of Information Security and Cryptology, vol. 19, no. 1, pp. 71-79, Feb. 2009.
19 N. Friedman, D. Geiger and M. Goldszmidt, "Bayesian network classifiers," Machine Learning, vol. 29, pp. 131-163, Nov. 1997.
20 T. Joachims, "Making large-scale support vector machine learning practical," in Advances in Kernel Methods: Support Vector Learning, MIT Press, pp. 169-184, 1999.
21 P. Du and S. Abe, "IP packet size entropy-based scheme for detection of DoS/DDoS attacks," IEICE Transactions on Information and Systems, vol. E91-D, no. 5, May 2008.
22 http://www.sinet.ad.jp/what-is-the-science-information-network-sinet