An entropy-based countermeasure against intelligent DoS attacks targeting firewalls

F. Al-Haidari, M. Sqalli, K. Salah, J. Hamodi

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

12 Scopus citations

Abstract

Denial of Service (DoS) attacks are very dangerous as they consume resources at the network and transport layers. Firewalls are considered the first line of defense in any network. An attacker may use probing to learn a firewall's policy, and then launch a DoS attack that floods the firewall with traffic targeting the rules at the bottom of this policy. In this paper, we propose a countermeasure that enables the firewall to endure the attack attempts without denying service to legitimate clients. The goal of this work is to use an entropy-based scheme to distinguish between legitimate and attack traffic. Then, the legitimate traffic will be placed in a queue with a higher priority than the queue holding the attack traffic. The results show that the proposed scheme improves the performance of the firewall under a DoS attack.

Original language: British English
Title of host publication: Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009
Pages: 41-44
Number of pages: 4
State: Published - 2009
Event: 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009 - London, United Kingdom
Duration: 20 Jul 2009 to 22 Jul 2009

Publication series

Name: Proceedings - 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009

Conference

Conference: 2009 IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009
Country/Territory: United Kingdom
City: London
Period: 20/07/09 to 22/07/09

Keywords

  • Countermeasures
  • DoS attacks
  • Entropy, intrusion detection
  • Firewalls
