An Autonomous Framework for Early Detection of Spoofed Flooding Attacks

Keywords: DoS, DDoS, flooding, information entropy, theory of evidence, traffic profiling

Abstract: One of the challenging tasks on the Internet is differentiating attack traffic from legitimate traffic. Tackling this challenge would aid in the detection of Denial of Service/Distributed DoS (DoS/DDoS) attacks. In this paper, we propose a flow profiling scheme that adapts itself to detect these flooding attacks by monitoring the trends in the current traffic. Moreover, our scheme filters most of the traffic that is found to be suspicious at the source end, thus avoiding flooding at the target. The scheme distinguishes itself from other source-end defenses in the manner in which it gathers and profiles the statistics. Information entropy, a measure used to find correlation among traffic flows, is employed to infer the current state of the dynamic network. The result of the correlation is then used to support the evidence that justifies the necessity of filtering the packets. We use the theory of evidence to improve the decision making with regard to filtering. We implemented and tested our scheme using network traffic traces and found the results to be appreciable.
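The abstract names two building blocks without showing them: per-window information entropy of flow attributes as a signal that the traffic mix has shifted, and the theory of evidence (Dempster-Shafer combination) to merge several such signals into one filtering decision. The following is an added illustration, not code from the paper; it assumes a hypothetical source-end monitor that sees outbound flow records as (src_ip, dst_ip, dst_port) tuples, a hypothetical mapping from entropy deviation to belief masses, and constructed baseline and attack windows. In the constructed attack window, spoofed source addresses inflate source-address entropy while the single victim collapses destination entropy; the two pieces of evidence are combined with Dempster's rule to yield a belief in "attack" that drives the filtering decision.

```python
import math
from collections import Counter

# Constructed sample windows of outbound flow records: (src_ip, dst_ip, dst_port).
# Baseline: four internal hosts talking to two external services (eight flows).
BASELINE_WINDOW = [
    ("10.0.0.1", "198.51.100.10", 443), ("10.0.0.1", "198.51.100.20", 80),
    ("10.0.0.2", "198.51.100.10", 443), ("10.0.0.2", "198.51.100.20", 80),
    ("10.0.0.3", "198.51.100.10", 443), ("10.0.0.3", "198.51.100.20", 80),
    ("10.0.0.4", "198.51.100.10", 443), ("10.0.0.4", "198.51.100.20", 80),
]
# Attack: sixteen flows, each from a different (spoofed) source, all to one victim.
ATTACK_WINDOW = [(f"203.0.113.{i}", "198.51.100.99", 80) for i in range(16)]


def shannon_entropy(symbols):
    """Shannon entropy, in bits, of the empirical distribution of `symbols`."""
    counts = Counter(symbols)
    n = len(symbols)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def evidence_from_deviation(observed, baseline, scale, cap=0.9):
    """Hypothetical mapping from an entropy deviation to a mass function over
    the frame {attack, normal}.  'unknown' is the mass left on the whole frame,
    i.e. belief the sensor refuses to commit.  The cap keeps a single sensor
    from becoming dogmatic (mass 1.0), which would make Dempster's rule ignore
    every other source of evidence."""
    deviation = min(abs(observed - baseline) / scale, cap)
    return {
        "attack": deviation,
        "normal": (1.0 - deviation) / 2.0,
        "unknown": (1.0 - deviation) / 2.0,
    }


def dempster_combine(m1, m2):
    """Dempster's rule of combination for two mass functions over {attack, normal}.
    Conflict is the mass assigned to contradictory singletons; the remainder is
    renormalised by 1/(1 - conflict)."""
    conflict = m1["attack"] * m2["normal"] + m1["normal"] * m2["attack"]
    if conflict >= 1.0:
        raise ValueError("sources are in total conflict; cannot combine")
    k = 1.0 / (1.0 - conflict)
    combined = {}
    for h in ("attack", "normal"):
        combined[h] = k * (m1[h] * m2[h] + m1[h] * m2["unknown"] + m1["unknown"] * m2[h])
    combined["unknown"] = k * m1["unknown"] * m2["unknown"]
    return combined


def assess_window(flows, baseline_src_entropy, baseline_dst_entropy,
                  scale=2.0, filter_threshold=0.6):
    """Profile one window: compute source/destination entropy, derive one piece
    of evidence from each, combine them, and decide whether to filter."""
    src_entropy = shannon_entropy([f[0] for f in flows])
    dst_entropy = shannon_entropy([f[1] for f in flows])
    m_src = evidence_from_deviation(src_entropy, baseline_src_entropy, scale)
    m_dst = evidence_from_deviation(dst_entropy, baseline_dst_entropy, scale)
    belief = dempster_combine(m_src, m_dst)
    return {
        "src_entropy": src_entropy,
        "dst_entropy": dst_entropy,
        "belief_attack": belief["attack"],
        "filter": belief["attack"] >= filter_threshold,
    }


if __name__ == "__main__":
    base_src = shannon_entropy([f[0] for f in BASELINE_WINDOW])  # 2.0 bits
    base_dst = shannon_entropy([f[1] for f in BASELINE_WINDOW])  # 1.0 bit
    for name, window in (("baseline", BASELINE_WINDOW), ("attack", ATTACK_WINDOW)):
        print(name, assess_window(window, base_src, base_dst))
```

In practice the baseline entropies would be learned from recent clean windows and updated continuously, which is what lets the profile track the trends in current traffic rather than a fixed threshold; the two-sensor frame here can be extended with further evidence (port entropy, packet-rate deviation) by chaining `dempster_combine`.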