Journal of Applied Science and Engineering

Published by Tamkang University Press


Hsing-Chung Chen1,2, Chuan-Hsien Mao1 and Shian-Shyong Tseng3

1Department of Computer Science and Information Engineering, Asia University, Taichung, Taiwan 413, R.O.C.
2Department of Medical Research, China Medical University Hospital, China Medical University, Taichung, Taiwan 404, R.O.C.
3Department of Applied Informatics and Multimedia, Asia University, Taichung, Taiwan 413, R.O.C.


 

Received: June 3, 2014
Accepted: January 22, 2015
Publication Date: March 1, 2015

DOI: https://doi.org/10.6180/jase.2015.18.1.10


ABSTRACT


In recent years, researchers have proposed many approaches that examine the RTT (round-trip time) and RTO (retransmission timeout) of message traffic accessing email in order to determine whether that traffic is dangerous. The aim of this study is to protect an electronic mail (email) server system by detecting flooding attacks through integrated entropy calculations over the RTT and RTO of multiple protocols. Entropy is a concept from the mathematical theory of communication that can be used to measure the uncertainty or randomness in a random variable. A normal email server usually supports four protocols: Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMAP4), and HTTPS, which is used by remote web-based email. However, many flooding attacks on the Internet attempt to paralyze an email server system. Therefore, we propose a new approach for detecting flooding attacks based on integrated entropy measurements for an email server. Our approach can reduce the misjudgment rate compared to conventional approaches.


Keywords: Entropy, Flooding Attack, E-mail Server, RTT, RTO
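
The idea in the abstract, sketched as an added example that is not the paper's algorithm: Shannon entropy of binned RTT and RTO samples is computed per protocol, combined into one score, and compared with a baseline window. The bin width, the averaging rule, the 0.5-bit threshold and all sample values are assumptions constructed for illustration.

```python
import math
from collections import Counter

PROTOCOLS = ("SMTP", "POP3", "IMAP4", "HTTPS")  # the four protocols named in the abstract

def shannon_entropy(samples_ms, bin_ms=10):
    """Shannon entropy in bits of timing samples bucketed into bin_ms-wide bins."""
    if not samples_ms:
        return 0.0
    counts = Counter(int(s // bin_ms) for s in samples_ms)
    n = len(samples_ms)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def integrated_entropy(window):
    """Assumed integration rule: mean over protocols of H(RTT) + H(RTO)."""
    per_protocol = {
        p: shannon_entropy(window[p]["rtt"]) + shannon_entropy(window[p]["rto"])
        for p in PROTOCOLS
    }
    return sum(per_protocol.values()) / len(PROTOCOLS), per_protocol

def is_flood(window, baseline, threshold_bits=0.5):
    """Flag a window whose integrated entropy departs from the baseline (assumed threshold)."""
    h, _ = integrated_entropy(window)
    h0, _ = integrated_entropy(baseline)
    return abs(h - h0) > threshold_bits

# Constructed sample data in milliseconds, not measurements from the paper.
QUIET = {"rtt": [20, 22, 25, 31, 24, 28, 33, 21], "rto": [200] * 8}
JITTER = {"rtt": [20, 22, 25, 31, 24, 38, 33, 21], "rto": [200] * 8}
# Congested service: RTTs spread widely and the RTO backs off exponentially.
CONGESTED = {"rtt": [20, 45, 90, 130, 250, 400, 610, 980],
             "rto": [200, 400, 800, 1600, 200, 400, 800, 1600]}

BASELINE = {p: QUIET for p in PROTOCOLS}
BENIGN = {p: JITTER for p in PROTOCOLS}       # ordinary jitter on every protocol
SMTP_FLOOD = {**BASELINE, "SMTP": CONGESTED}  # only SMTP is under load

if __name__ == "__main__":
    for name, w in (("benign", BENIGN), ("smtp_flood", SMTP_FLOOD)):
        h, per = integrated_entropy(w)
        print(name, round(h, 3), is_flood(w, BASELINE), per)
```

The per-protocol values returned alongside the integrated score show which service moved the score, which is what an operator needs when triaging an alert.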

