An information divergence based approach to detect flooding DDoS attacks and Flash Crowds

Distributed Denial of Service (DDoS) attacks poses a severe threat to widely used Internet-based services and applications. Currently, during in the technology era, the internet is the only real exigent that delivers a glut of services like businesses, banking, communication, education, e-commerce, etc. Distributed Denial of Service attack aims to deny access by legitimate users to shared services or resources. Because of the vulnerability of the initial style of the web, attackers can merely mimic the patterns of legitimate network traffic. The prevailing fingerprint or feature-based methods are not appropriate to detect a recent DDoS attack. In this paper our goal is to detect a DDoS attack as well as Flash Crowd using various information distance measures such as Kullbeck-Leibler, Hellinger and Manhattan distance to measure the flow similarity among the traffic. Further the detection parameters such as Detection Rate, Classification Rate, Precision Rate and False Positive Rate is computed and shows that the Kullbeck-Leibler detection metric effectively detects the attack as compared to the other two.