Abstract
DDoS attack detection using entropy-based features in network traffic has become a popular approach among researchers in the last five years. The use of traffic distribution features constructed using entropy measures has been proposed as a better approach to detect Distributed Denial of Service (DDoS) attacks compared to conventional volumetric methods, but it still lacks in the generality of detecting various intensity DDoS attacks accurately. In this paper, we focus on identifying effective entropy-based features to detect both high- and low-intensity DDoS attacks by exploring the effectiveness of entropy-based features in distinguishing the attack from normal traffic patterns. We hypothesise that using different entropy measures, window sizes, and entropy-based features may affect the accuracy of detecting DDoS attacks. This means that certain entropy measures, window sizes, and entropy-based features may reveal attack traffic amongst normal traffic better than the others. Our experimental results show that using Shannon, Tsallis and Zhou entropy measures can achieve a clearer distinction between DDoS attack traffic and normal traffic than Rényi entropy. In addition, the window size setting used in entropy construction has minimal influence in differentiating between DDoS attack traffic and normal traffic. The result of the effectiveness ranking shows that the commonly used features are less effective than other features extracted from traffic headers.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bhuyan, M.H., Bhattacharyya, D., Kalita, J.: E-LDAT: a lightweight system for DDoS flooding attack detection and IP traceback using extended entropy metric. Secur. Commun. Netw. 9(16), 3251–3270 (2016)
Gu, Y., McCallum, A., Towsley, D.: Detecting anomalies in network traffic using maximum entropy estimation. In: Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement, p. 32. USENIX Association (2005)
Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The WEKA data mining software: an update. ACM SIGKDD Explor. Newslett. 11(1), 10–18 (2009)
Jun, J.H., Ahn, C.W., Kim, S.H.: DDoS attack detection by using packet sampling and flow features. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 711–712. ACM (2014)
Kottler, S.: February 28th DDoS Incident Report (2018). https://githubengineering.com/ddos-incident-report/
Loukas, G., Öke, G.: Protection against denial of service attacks: a survey. Comput. J. 53, 1020–1037 (2009)
Ma, X., Chen, Y.: DDoS detection method based on chaos analysis of network traffic entropy. IEEE Commun. Lett. 18(1), 114–117 (2014)
Mousavi, S.M., St-Hilaire, M.: Early detection of DDoS attacks against SDN controllers. In: Proceedings of the International Conference on Computing, Networking and Communications (ICNC), pp. 77–81. IEEE (2015)
Nychis, G., Sekar, V., Andersen, D.G., Kim, H., Zhang, H.: An empirical evaluation of entropy-based traffic anomaly detection. In: Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement, pp. 151–156 (2008)
Özçelik, İ., Brooks, R.R.: Deceiving entropy based DoS detection. Comput. Secur. 48, 234–245 (2015)
Shannon, C.E.: Communication theory of secrecy systems. Bell Labs Tech. J. 28(4), 656–715 (1949)
Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012)
Zhang, C., Cai, Z., Chen, W., Luo, X., Yin, J.: Flow level detection and filtering of low-rate DDoS. Comput. Netw. 56(15), 3417–3431 (2012)
Zhang, J., Qin, Z., Ou, L., Jiang, P., Liu, J., Liu, A.: An advanced entropy-based DDoS detection scheme. In: Proceedings of the International Conference on Information Networking and Automation (ICINA), vol. 2, pp. V2–67 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Koay, A., Welch, I., Seah, W.K.G. (2019). (Short Paper) Effectiveness of Entropy-Based Features in High- and Low-Intensity DDoS Attacks Detection. In: Attrapadung, N., Yagi, T. (eds) Advances in Information and Computer Security. IWSEC 2019. Lecture Notes in Computer Science(), vol 11689. Springer, Cham. https://doi.org/10.1007/978-3-030-26834-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-26834-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-26833-6
Online ISBN: 978-3-030-26834-3
eBook Packages: Computer ScienceComputer Science (R0)