Summary: | 碩士 === 國立臺灣科技大學 === 資訊工程系 === 96 === A denial-of-service (DoS) attack is a serious threat to the Internet security nowadays. According to a 2006 CSI/FBI Computer Crime and Security Survey, 25 percent of respondents whose computer detected DoS attacks in the last 12 months. Moreover, the Symantec Internet Security Threat Report showed that an average of 6,110 DoS attacks occurred per day in the first half year of 2006. In the early days, many DoS attacks spoofed source addresses in the attack packets. Now they can use a number of zombies simultaneously to send tremendous packets to a victim and this makes it more difficult to trace the attackers.
In this research, we applied an entropy-based method to analyze the characteristic of network traffic and revealed that it is helpful to detect great scale of DoS/Probe attacks by observing the variation of the entropy of each header field. To accomplish this idea in real-time network, we had to simplify the process and turn it into three detection approaches: Distributed Addresses Detection Approach, S/R Ratio Detection Approach and TCP Connection Detection Approach. Based on the result of DARPA 98 testing dataset, we proved that our proposed lightweight system could detect DoS/probe attacks efficiently in an actual network and keep a low false positive rate.
|