
Authors: Domenico Vitali 1 ; Antonio Villani 2 ; Angelo Spognardi 1 ; Roberto Battistoni 1 and Luigi V. Mancini 1

Affiliations: 1 “Sapienza” University of Rome, Italy ; 2 University of Roma Tre, Italy

ISBN: 978-989-8565-24-2

Keyword(s): DDoS, Attack Detection, Information Divergence, Relative Entropy, Autonomous System, Internet Security.

Related Ontology Subjects/Areas/Topics: Critical Infrastructure Protection ; Information and Systems Security ; Network Security ; Security in Information Systems ; Security Metrics and Measurement ; Wireless Network Security

Abstract: Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) constitute one of the main issues for critical Internet services. The widespread availability and simplicity of automated stressing tools have also promoted voluntary participation in extensive attacks against known websites. Today the most effective (D)DoS detection schemes are based on information theory metrics, but their effectiveness is often evaluated with synthetic network traffic. In this work we present a comparison of the main metrics proposed in the literature, carried out on a huge dataset formed by real netflows. This comparison considers the ability of each metric to detect (D)DoS attacks at an early stage, in order to launch effective and timely countermeasures. The evaluation is based on a large dataset, collected from an Italian transit tier II Autonomous System (AS) located in Rome. This AS network is connected to all the three main network infrastructures present in Italy (Commercial, Research and Public Administration networks), and to several international providers (even for Internet transit purposes). Many attempted attacks on Italian critical IT infrastructures can be observed inside the network traffic of this AS. Several publicly declared attacks have been traced and many other malicious activities have been found by ex-post analysis.

CC BY-NC-ND 4.0


Paper citation in several formats:
Vitali, D.; Villani, A.; Spognardi, A.; Battistoni, R. and V. Mancini, L. (2012). DDoS Detection with Information Theory Metrics and Netflows - A Real Case. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 172-181. DOI: 10.5220/0004064501720181

@conference{secrypt12,
author={Domenico Vitali and Antonio Villani and Angelo Spognardi and Roberto Battistoni and Luigi V. Mancini},
title={DDoS Detection with Information Theory Metrics and Netflows - A Real Case},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={172-181},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004064501720181},
isbn={978-989-8565-24-2},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - DDoS Detection with Information Theory Metrics and Netflows - A Real Case
SN - 978-989-8565-24-2
AU - Vitali, D.
AU - Villani, A.
AU - Spognardi, A.
AU - Battistoni, R.
AU - V. Mancini, L.
PY - 2012
SP - 172
EP - 181
DO - 10.5220/0004064501720181
