Entropy clustering approach for improving forecasting in DDoS attacks
Title | Entropy clustering approach for improving forecasting in DDoS attacks |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Olabelurin, A., Veluru, S., Healing, A., Rajarajan, M. |
Conference Name | 2015 IEEE 12th International Conference on Networking, Sensing and Control |
Date Published | April 2015 |
Publisher | IEEE |
ISBN Number | 978-1-4799-8069-7 |
Keywords | alert management, Algorithm design and analysis, clustering algorithm, Clustering algorithms, Computer crime, computer network security, cyber-range simulation dataset, DDoS Attacks, digital forensic analysis, digital forensics, distributed denial-of-service, distributed denial-of-service (DDoS) detection, Entropy, entropy clustering approach, false positive rate, feature extraction, Forecasting, forecasting theory, FPR, IDS, intrusion detection system, k-means clustering analysis, network analysis, Network security, online anomaly detection, pattern clustering, Ports (Computers), proactive forecast, project industrial partner, pubcrawl170109, Shannon entropy, Shannon-entropy concept, volume anomaly |
Abstract | Volume anomalies such as distributed denial-of-service (DDoS) attacks have been around for ages, but with advances in technology they have become stronger, shorter, and the weapon of choice for attackers. Digital forensic analysis of intrusions using alerts generated by existing intrusion detection systems (IDS) faces major challenges, especially for IDS deployed in large networks. In this paper, the concept of automatically sifting through a huge volume of alerts to distinguish the different stages of a DDoS attack is developed. The proposed novel framework is purpose-built to analyze multiple logs from the network for proactive forecasting and timely detection of DDoS attacks, through a combined approach of the Shannon-entropy concept and a clustering algorithm over relevant feature variables. Experimental studies on a cyber-range simulation dataset from the project's industrial partners show that the technique is able to distinguish precursor alerts for DDoS attacks, as well as the attack itself, with a very low false positive rate (FPR) of 22.5%. Application of this technique greatly assists security experts in network analysis to combat DDoS attacks. |
URL | https://ieeexplore.ieee.org/document/7116055 |
DOI | 10.1109/ICNSC.2015.7116055 |
Citation Key | olabelurin_entropy_2015 |
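The abstract describes the pipeline only at the level of "Shannon entropy of relevant feature variables, then clustering". The following is an added illustration of that pipeline, not code from the paper: it computes normalized Shannon entropy of source IP and destination port per one-second window, then runs a small deterministic k-means over the per-window entropy vectors. The records, the choice of features, the window size, k=3, and the thresholds used to name a cluster are all assumptions made for this example; nothing here reproduces the paper's dataset or its reported FPR.

```python
"""Added example: per-window Shannon entropy of alert/flow features, then k-means
over the entropy vectors to separate baseline windows from attack stages.
Not the paper's code; all records and thresholds below are constructed."""
import math
from collections import Counter, defaultdict


def build_sample_records():
    """Constructed records (second, src_ip, dst_port): three benign seconds,
    one single-source port-sweep second (precursor), one many-source flood second."""
    records = []
    benign_ips = ["10.0.0.%d" % i for i in range(1, 6)]
    benign_ports = [80, 443, 53, 22]
    for sec in range(3):
        for i in range(20):
            records.append((sec, benign_ips[i % 5], benign_ports[i % 4]))
    for i in range(20):                       # sec 3: one source sweeping ports
        records.append((3, "192.0.2.7", 1000 + i))
    for i in range(20):                       # sec 4: many sources, one port
        records.append((4, "198.51.100.%d" % (i + 1), 80))
    return records


def normalized_entropy(values):
    """Shannon entropy of the value distribution, scaled to [0, 1] by log2(n)
    so that windows with different record counts are comparable."""
    n = len(values)
    if n <= 1:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)


def window_features(records):
    """Per-window feature vector (H_src_ip, H_dst_port), keyed by second."""
    windows = defaultdict(list)
    for sec, src, port in records:
        windows[sec].append((src, port))
    feats = {}
    for sec in sorted(windows):
        srcs = [s for s, _ in windows[sec]]
        ports = [p for _, p in windows[sec]]
        feats[sec] = (normalized_entropy(srcs), normalized_entropy(ports))
    return feats


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=50):
    """Deterministic k-means: farthest-point seeding, then Lloyd iterations.
    Returns (centroids, labels)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(_dist(p, c) for c in centroids)))
    labels = [0] * len(points)
    for _ in range(iters):
        new_labels = [min(range(k), key=lambda j: _dist(p, centroids[j])) for p in points]
        for j in range(k):
            members = [p for p, l in zip(points, new_labels) if l == j]
            if members:
                centroids[j] = tuple(sum(col) / len(members) for col in zip(*members))
        if new_labels == labels:
            break
        labels = new_labels
    return centroids, labels


def stage_label(centroid, lo=0.25, hi=0.75):
    """Name a cluster from its centroid. The lo/hi thresholds are an assumption
    for this example, not values taken from the paper."""
    h_src, h_port = centroid
    if h_src <= lo and h_port >= hi:
        return "precursor: single source sweeping ports"
    if h_src >= hi and h_port <= lo:
        return "flood: many sources on one port"
    return "baseline"


def classify_windows(records, k=3):
    """Map each window (second) to the stage label of its k-means cluster."""
    feats = window_features(records)
    secs = sorted(feats)
    centroids, labels = kmeans([feats[s] for s in secs], k)
    return {s: stage_label(centroids[l]) for s, l in zip(secs, labels)}


if __name__ == "__main__":
    for sec, label in classify_windows(build_sample_records()).items():
        print(sec, label)
```

The two attack windows sit at opposite corners of the entropy plane (source entropy collapses during a sweep, port entropy collapses during a flood), which is what lets the clustering step separate a precursor from the attack proper. On real alert streams the window length, the feature set and k must be chosen against the traffic mix, and the normalization by log2(n) is what keeps a quiet window and a busy window on the same scale.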