An entropy based approach for DDoS attack detection in IEEE 802.16 based networks

Abstract

Distributed denial of service attacks are great security threats to computer networks, especially to large scale networks such as WiMAX. Detecting this kind of attack is not as easy as some other attacks, because the traffic created by attack is too similar to the traffic of the network in the normal case. So in this paper a novel framework is proposed to detect DDoS attack in IEEE802.16-based networks efficiently. The key idea of the proposed method is to exploit some statistical features of the incoming traffic. In fact we design a system in which some entropy-based features of the traffic are analyzed. Based on these features we decide whether the attack has occurred or not. Previous works have all focused on the entropy of IP address of the incoming packets, while in this system we have comprehensively considered some other entropybased features which help a lot in detecting the attack rather than just considering the entropy of the incoming IP addresses. Also in the proposed method we have tried to exploit the long range dependency of the traffic to detect the attack. The simulation results show that the proposed method can detect DDoS attacks efficiently. © 2011 Springer-Verlag.