Skip to main content
SpringerLink
Log in

(Short Paper) Effectiveness of Entropy-Based Features in High- and Low-Intensity DDoS Attacks Detection

  • Conference paper
  • First Online:
Book cover Advances in Information and Computer Security (IWSEC 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11689))

Included in the following conference series:

Abstract

DDoS attack detection using entropy-based features in network traffic has become a popular approach among researchers in the last five years. The use of traffic distribution features constructed using entropy measures has been proposed as a better approach to detect Distributed Denial of Service (DDoS) attacks compared to conventional volumetric methods, but it still lacks in the generality of detecting various intensity DDoS attacks accurately. In this paper, we focus on identifying effective entropy-based features to detect both high- and low-intensity DDoS attacks by exploring the effectiveness of entropy-based features in distinguishing the attack from normal traffic patterns. We hypothesise that using different entropy measures, window sizes, and entropy-based features may affect the accuracy of detecting DDoS attacks. This means that certain entropy measures, window sizes, and entropy-based features may reveal attack traffic amongst normal traffic better than the others. Our experimental results show that using Shannon, Tsallis and Zhou entropy measures can achieve a clearer distinction between DDoS attack traffic and normal traffic than Rényi entropy. In addition, the window size setting used in entropy construction has minimal influence in differentiating between DDoS attack traffic and normal traffic. The result of the effectiveness ranking shows that the commonly used features are less effective than other features extracted from traffic headers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Bhuyan, M.H., Bhattacharyya, D., Kalita, J.: E-LDAT: a lightweight system for DDoS flooding attack detection and IP traceback using extended entropy metric. Secur. Commun. Netw. 9(16), 3251–3270 (2016)

    Article  Google Scholar 

  2. Gu, Y., McCallum, A., Towsley, D.: Detecting anomalies in network traffic using maximum entropy estimation. In: Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement, p. 32. USENIX Association (2005)

    Google Scholar 

  3. Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The WEKA data mining software: an update. ACM SIGKDD Explor. Newslett. 11(1), 10–18 (2009)

    Article  Google Scholar 

  4. Jun, J.H., Ahn, C.W., Kim, S.H.: DDoS attack detection by using packet sampling and flow features. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 711–712. ACM (2014)

    Google Scholar 

  5. Kottler, S.: February 28th DDoS Incident Report (2018). https://githubengineering.com/ddos-incident-report/

  6. Loukas, G., Öke, G.: Protection against denial of service attacks: a survey. Comput. J. 53, 1020–1037 (2009)

    Article  Google Scholar 

  7. Ma, X., Chen, Y.: DDoS detection method based on chaos analysis of network traffic entropy. IEEE Commun. Lett. 18(1), 114–117 (2014)

    Article  Google Scholar 

  8. Mousavi, S.M., St-Hilaire, M.: Early detection of DDoS attacks against SDN controllers. In: Proceedings of the International Conference on Computing, Networking and Communications (ICNC), pp. 77–81. IEEE (2015)

    Google Scholar 

  9. Nychis, G., Sekar, V., Andersen, D.G., Kim, H., Zhang, H.: An empirical evaluation of entropy-based traffic anomaly detection. In: Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement, pp. 151–156 (2008)

    Google Scholar 

  10. Özçelik, İ., Brooks, R.R.: Deceiving entropy based DoS detection. Comput. Secur. 48, 234–245 (2015)

    Article  Google Scholar 

  11. Shannon, C.E.: Communication theory of secrecy systems. Bell Labs Tech. J. 28(4), 656–715 (1949)

    Article  MathSciNet  Google Scholar 

  12. Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357–374 (2012)

    Article  Google Scholar 

  13. Zhang, C., Cai, Z., Chen, W., Luo, X., Yin, J.: Flow level detection and filtering of low-rate DDoS. Comput. Netw. 56(15), 3417–3431 (2012)

    Article  Google Scholar 

  14. Zhang, J., Qin, Z., Ou, L., Jiang, P., Liu, J., Liu, A.: An advanced entropy-based DDoS detection scheme. In: Proceedings of the International Conference on Information Networking and Automation (ICINA), vol. 2, pp. V2–67 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Waikato, Hamilton, New Zealand

    Abigail Koay

  2. Victoria University of Wellington, Wellington, New Zealand

    Ian Welch & Winston K. G. Seah

Authors
  1. Abigail Koay
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ian Welch
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Winston K. G. Seah
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Abigail Koay .

Editor information

Editors and Affiliations

  1. National Institute of Advanced Industrial Science and Technology, Tokyo, Japan

    Nuttapong Attrapadung

  2. NTT Security (Japan) KK, Tokyo, Japan

    Takeshi Yagi

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Koay, A., Welch, I., Seah, W.K.G. (2019). (Short Paper) Effectiveness of Entropy-Based Features in High- and Low-Intensity DDoS Attacks Detection. In: Attrapadung, N., Yagi, T. (eds) Advances in Information and Computer Security. IWSEC 2019. Lecture Notes in Computer Science(), vol 11689. Springer, Cham. https://doi.org/10.1007/978-3-030-26834-3_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-26834-3_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26833-6

  • Online ISBN: 978-3-030-26834-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation