Deceiving entropy based DoS detection

  • Özçelik I
  • Brooks R
  • 40

    Readers

    Mendeley users who have this article in their library.
  • 17

    Citations

    Citations of this article.

Abstract

Denial of Service (DoS) attacks disable network services for legitimate users. As a result of growing dependence on the Internet by both the general public and service providers, the availability of Internet services has become a concern. While DoS attacks cause inconvenience for users, and revenue loss for service providers; their effects on critical infrastructures like the smart grid and public utilities could be catastrophic. For example, an attack on a smart grid system can cause cascaded power failures and lead to a major blackout. Researchers have proposed approaches for detecting these attacks in the past decade. Anomaly based DoS detection is the most common. The detector uses network traffic statistics; such as the entropy of incoming packet header fields (e.g. source IP addresses or protocol type). It calculates the observed statistical feature and triggers an alarm if an extreme deviation occurs. Entropy features are common in recent DDoS detection publications. They are also one of the most effective features for detecting these attacks. However, intrusion detection systems (IDS) using entropy based detection approaches can be a victim of spoofing attacks. An attacker can sniff the network and calculate background traffic entropy before a (D)DoS attack starts. They can then spoof attack packets to keep the entropy value in the expected range during the attack. This paper explains the vulnerability of entropy based network monitoring systems. We present a proof of concept entropy spoofing attack and show that by exploiting this vulnerability, the attacker can avoid detection or degrade detection performance to an unacceptable level.

Author-supplied keywords

  • DDoS
  • Denial of service
  • Detection deceiving
  • Entropy
  • Intrusion detection
  • Protocol spoofing

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Authors

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free