期刊名称:Journal of King Saud University @?C Computer and Information Sciences
印刷版ISSN:1319-1578
出版年度:2021
卷号:33
期号:3
页码:291-303
DOI:10.1016/j.jksuci.2018.03.005
出版社:Elsevier
摘要:A Distributed Denial of Service (DDoS) attack is an austere menace to extensively used Internet-based services and applications. Despite the presence of enormous DDoS defense solutions, the in-time detection of DDoS attacks poses a stiff challenge to network security professionals. The problem turns further crucial when such attacks are amalgamated with behaviorally similar flash events (FEs) wherein a large number of legitimate users starts accessing a particular service concurrently leading to the denial of service. This paper proposes an anomaly based distributed defense system called D-FAC that not only detect different type of DDoS attacks with efficacy but also efficiently mitigate their impact. D-FAC computes the information distance between legitimate and anomalous network traffic flows using information theory-based ϕ -Divergence metric to detect different types of DDoS attacks and efficiently discriminate them from FEs. D-FAC distribute the computational and storage complexity of computing ϕ -Divergence detection metric to the nearest point of presence (PoP) routers. D-FAC has been validated in an emulation based DDoSTB testbed using real DDoS attack tools and traffic generators. The results clearly show that D-FAC has outperformed existing Entropy and divergence based DDoS defense systems on various detection metrics like detection accuracy, classification rate, FPR, precision and F-measure.
