Abstract
This paper describes an approach to detecting distributed denial of
service (DDoS) attacks that is based on fundamentals of information
theory, specifically Kolmogorov complexity. The algorithm is based
on a concept of Kolmogorov complexity that states that the joint
complexity measure of random strings is lower than the sum of the
complexities of the individual strings if the strings exhibit some
correlation. Furthermore, the joint complexity measure varies inversely
with the amount of correlation. The proposed algorithm exploits
this feature to correlate traffic flows in the network and detect
possible denial-of-service attacks. One of the strengths of this
algorithm is that it does not require special filtering rules and
hence it can be used to detect any type of DDoS attack. This algorithm
is shown to perform better than simple packet-counting or load-measuring
approaches.
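The correlation property described in the abstract, as an added example that is not code from the paper. Compressed length (zlib) stands in for Kolmogorov complexity, which is not computable; the normalized score, the 0.5 threshold, and the sample flows are assumptions constructed for illustration.

```python
import random
import zlib

def complexity(data):
    """Estimate K(data) by its compressed size in bytes (an upper bound)."""
    return len(zlib.compress(data, 9))

def correlation_score(flows):
    """(sum of K(x_i) - K(x_1 x_2 ... x_n)) / sum of K(x_i).

    Near 0 when flows are unrelated; grows toward 1 as the joint
    complexity drops below the sum of the individual complexities.
    """
    total = sum(complexity(f) for f in flows)
    joint = complexity(b"".join(flows))
    return (total - joint) / total

def is_suspicious(flows, threshold=0.5):
    """Flag a window of flows; the 0.5 threshold is an assumed value."""
    return correlation_score(flows) > threshold

def rand_bytes(rng, n):
    return bytes(rng.getrandbits(8) for _ in range(n))

def constructed_flows(rng, n_flows=8, packets=20, size=64, shared=False):
    """Constructed sample traffic, not captured data.

    shared=False: every packet is independent random bytes.
    shared=True: all flows replay one packet sequence and differ only
    in a 4-byte per-flow field, as traffic from a single tool might.
    """
    base = [rand_bytes(rng, size) for _ in range(packets)]
    flows = []
    for _ in range(n_flows):
        if shared:
            field = rand_bytes(rng, 4)
            flows.append(b"".join(field + p[4:] for p in base))
        else:
            flows.append(rand_bytes(rng, packets * size))
    return flows

if __name__ == "__main__":
    rng = random.Random(1)
    for label, shared in (("independent", False), ("correlated", True)):
        flows = constructed_flows(rng, shared=shared)
        print(label, round(correlation_score(flows), 3), is_suspicious(flows))
```

Each correlated flow is nearly incompressible on its own, so a per-flow size or packet count looks the same in both cases; only the joint estimate separates them.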