Paper
Deceiving entropy-based DoS detection
20 June 2014
İlker Özçelik, Richard R. Brooks
Abstract
Denial of Service (DoS) attacks disable network services for legitimate users. A McAfee report shows that eight out of ten Critical Infrastructure Providers (CIPs) surveyed had a significant Distributed DoS (DDoS) attack in 2010 [1]. Researchers have proposed many approaches for detecting these attacks in the past decade. Anomaly-based DoS detection is the most common. In this approach, the detector uses statistical features, such as the entropy of incoming packet header fields like source IP addresses or protocol type. It calculates the observed statistical feature and triggers an alarm if an extreme deviation occurs. However, intrusion detection systems (IDS) using entropy-based detection can be fooled by spoofing. An attacker can sniff the network to collect header field data of network packets coming from distributed nodes on the Internet and fuse them to calculate the entropy of normal background traffic. Then s/he can spoof attack packets to keep the entropy value in the expected range during the attack. In this study, we present a proof-of-concept entropy spoofing attack that deceives entropy-based detection approaches. Our preliminary results show that spoofing attacks cause significant detection performance degradation.
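The detector the abstract describes, and its blind spot, as an added Python illustration (not code from the paper; all traffic is constructed and addresses come from the RFC 5737 documentation range). Entropy of the source-IP field is computed per observation window, an expected band is learned from attack-free windows, and an alarm fires on deviation. A naive flood from three sources collapses the entropy and is caught; a window whose source-field distribution matches sniffed background traffic keeps its entropy inside the band and is not. The `rate_alarm` feature and the `margin` and `factor` parameters are assumptions added here to show that a second, volume-based feature still flags the spoofed window, since header spoofing does not change packet count.

```python
"""Entropy-based anomaly detector for a window of packet source addresses,
plus a second, volume-based feature that catches what entropy alone misses.
Constructed sample traffic only; no packets are captured or sent."""
import math
import random
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`
    (here: the source-IP field of every packet in one observation window)."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def entropy_band(training_windows, margin=0.5):
    """Expected entropy range learned from attack-free windows: the observed
    min/max widened by `margin` bits. `margin` is an assumed tuning knob."""
    hs = [shannon_entropy(w) for w in training_windows]
    return min(hs) - margin, max(hs) + margin


def entropy_alarm(window, band):
    """The anomaly rule from the abstract: alarm on an extreme deviation of the
    observed entropy from the learned range."""
    lo, hi = band
    return not (lo <= shannon_entropy(window) <= hi)


def rate_alarm(window, training_windows, factor=3.0):
    """Added check (not from the paper): packets per window compared with the
    largest training window. Spoofing header fields leaves volume unchanged."""
    return len(window) > factor * max(len(w) for w in training_windows)


# --- constructed traffic (RFC 5737 documentation addresses, fixed seed) ---
_rng = random.Random(2014)
POOL = [f"198.51.100.{i}" for i in range(1, 101)]
# 20 attack-free windows of 200 packets each, sources spread over the pool.
TRAINING = [[_rng.choice(POOL) for _ in range(200)] for _ in range(20)]
BAND = entropy_band(TRAINING)

NORMAL = [_rng.choice(POOL) for _ in range(200)]
# Naive flood: ten times the packets, only three distinct sources.
NAIVE_FLOOD = [POOL[i % 3] for i in range(2000)]
# The spoofing the abstract describes: source fields chosen so the window's
# distribution matches previously observed background traffic. Repeating a
# sniffed window preserves every proportion, hence the entropy, exactly.
MIMIC_FLOOD = TRAINING[0] * 10


def evaluate(window):
    """Return the detector's view of one window."""
    return {
        "entropy_bits": round(shannon_entropy(window), 3),
        "entropy_alarm": entropy_alarm(window, BAND),
        "rate_alarm": rate_alarm(window, TRAINING),
    }


if __name__ == "__main__":
    print("learned entropy band:", tuple(round(b, 3) for b in BAND))
    for name, w in [("normal", NORMAL), ("naive flood", NAIVE_FLOOD),
                    ("entropy-preserving flood", MIMIC_FLOOD)]:
        print(f"{name:25s} {evaluate(w)}")
```

Running the script prints the learned band and the three verdicts: the naive flood trips `entropy_alarm`, the entropy-preserving flood does not, and only the added `rate_alarm` separates the latter from normal traffic. The practical lesson is the one the abstract's results imply: an entropy feature over a single header field is not a sufficient detector on its own and should be fused with features the attacker cannot shape freely.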
© (2014) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
İlker Özçelik and Richard R. Brooks "Deceiving entropy-based DoS detection", Proc. SPIE 9091, Signal Processing, Sensor/Information Fusion, and Target Recognition XXIII, 90911P (20 June 2014); https://doi.org/10.1117/12.2054434
CITATIONS
Cited by 2 scholarly publications.
KEYWORDS: Internet, Sensors, Computer intrusion detection, Signal processing, Telecommunications, Current controlled current source, Detection and tracking algorithms