2013 | OriginalPaper | Chapter
DDoS Analysis Using Correlation Coefficient Based on Kolmogorov Complexity
Authors : Sung-ju Kim, Byung Chul Kim, Jae Yong Lee
Published in: Grid and Pervasive Computing
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
This paper describes an approach to detecting distributed denial of services (DDoS) attacks that is based on Information theory, specifically Kolmogorov Complexity. A theorem derived using principles of Kolmogorov Complexity describes that the joint complexity measure of random strings is lower than the sum of complexities of the individual strings when the strings exhibit some correlation. However, Kolmogorov complexity is not calculable, various methods exist to measure estimates of complexity. In the viewpoint of Kolmogorov complexity, we have found out the characteristics of DDoS attacks after analyzing a lot of DDoS attack cases. We propose a new method to compute the joint complexity using Deep Packet Inspection (DPI). DPI depends on string matching process and regular expression heuristics that make a thorough investigation on the packet payloads in a search for networked application signatures. As ISPs backbone links’ speed and data volume increase rapidly, commodity hardware-based DPI systems face performance bottlenecks and the difficulty of scalability, which interferes on traffic classification accuracy dramatically. This paper introduces a lightweight DPI algorithm for an expeditious detection that can detect the presence of a DDoS in the Internet as quickly as possible in order to provide people accurate early warning information and possible reaction time for counteractions. Furthermore, it increases the exactitude of detecting DDoS and doesn’t decrease network backbone’s performance.