Chi-Square and Entropy (CS-E): A Hybrid Method for DDoS Attack Detection and Trace Back
T. Subburaj1, K. Suthendran2
1T. Subburaj, Department of Computer Applications, Kalasalingam Academy of Research and Education College, Krishnankoil (Tamil Nadu), India.
2K. Suthendran, Department of Information Technology, Kalasalingam Academy of Research and Education College, Krishnankoil (Tamil Nadu), India.
Manuscript received on 01 December 2019 | Revised Manuscript received on 19 December 2019 | Manuscript Published on 31 December 2019 | PP: 534-541 | Volume-8 Issue-4S2 December 2019 | Retrieval Number: D11001284S219/2019©BEIESP | DOI: 10.35940/ijrte.D1100.1284S219
Open Access | Editorial and Publishing Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Internet becomes unavoidable and it provides us with a wealth of information and allows us to keep in touch with the outside world. However, there can also be risks on the internet that is, for example, even a naive hacker can access information and easily learn to generate a large scale DDoS attack with the help of downloadable user-friendly attacking tools. Nowadays, this has made even small businesses in trouble. One of the extensive DDoS attacks was done on October 2016 which is called “Mirai botnet”. In that, the attackers send 30 million packets per second to attack the financial department, industries, home system, etc. were affected. In the future, the attackers may hit the hardest even as banks, government sectors, and corporate sectors, etc. On DDoS attack time, the attackers are sending a lot of malicious packets to the server/victims. So the attacker’s throughput is increased and legitimate user throughput is decreased on time of the attack. In this paper, a novel approach is proposed to detect the DDoS attacks using Chi-Square method which compares the normal packets and current packets statistics to discriminate whether the particular flow is DDoS or not. Further; it identifies the IP address of attacking source using entropy statistic. The proposed method can be used to control internet crimes. The experimental results show that the proposed method outperforms the existing approaches by detecting the DDoS attack and also by identifying the wrongdoer IP address. In addition, it takes minimum time to perform the above.
Keywords: Chi-Square, Critical Value, DDoS Attack, Entropy, Time Complexity.
Scope of the Article: Probabilistic Models and Methods