Distributed denial of service attack detection using flow based detection techniques

Abstract

In today’s technology world, computer and digital devices network plays an important role. Almost all organizations are dependent on digital means of information storage and communication like laptops, computers, handheld devices and routers etc. An organization has to ensure the availability of these resources from the organization’s network whenever required. Distributed Denial of Service attacks are caused due to a large data sent by multiple system/devices to a single target exhausting the resources and causing unavailability of services. Detection of such attacks has gained a great attention in current computing era. Research has shown that DDOS detection using anomaly based detection mechanism gives more accurate result than the signature based detection techniques. In this thesis rule based intrusion detection system is used to implement anomaly based detection using dynamic engine of Snort (NIDS). Mathematical formulation based analysis is done using a comparison of correlation and mutual information between IP packets in different time intervals. Results have shown that Mutual information method outperforms the correlation detection techniques.