On the Collaborative Inference of DDoS: An Information-theoretic Distributed Approach

Literature contributions have shown that information theoretic techniques can effectively detect various types of Distributed Denial of Service (DDoS) attacks. However, such techniques are often centralized with a limited measurement vantage point and suffer from the issue of single point of failure. Furthermore, with the flourishing of distributed and cloud-based environments, such techniques ought to adapt to such settings for scalability and performance reasons. In this paper, we address the problem of collaborative DDoS detection using information-theoretic techniques. To this end, we propose an entropy-based detection mechanism that supports collaborative agreement to identify suitable tuning network parameters for distributed DDoS inference in real-time. Empirical evaluations with real DDoS attacks demonstrate that the proposed approach is indeed capable of cooperatively inferring DDoS attacks while achieving resiliency and scalability.