ERM: An Accurate Approach to Detect DDoS Attacks Using Entropy Rate Measurement

The challenges posed by Distributed Denial-of-Service (DDoS) attacks are severe and still increasing significantly. We observe that existing entropy-based methods, which consider only the probability distribution of traffic flows, have high false negative rates. In addition, sophisticated attack strategies, increasing attack strength, and the dynamic nature of network traffic patterns make it more difficult to detect DDoS attacks with high accuracy. In this letter, we present an accurate approach, entropy rate measurement (ERM), to detect DDoS attacks. The proposed approach is based on the differences between the probability distributions and the number of flows. Both theoretical proofs and the results of experiments using real datasets demonstrate that our method has a high detection accuracy rate compared to existing measurements.
