학술논문
DDoS Flooding Attack Detection Based on Joint-Entropy with Multiple Traffic Features
Document Type
Conference
Author
Source
2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) TRUSTCOM-BIGDATASE Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018 17th IEEE International Conference On. :237-243 Aug, 2018
Subject
Language
ISSN
2324-9013
Abstract
Distributed Denial of Service (DDoS) attacks are still considered as severe threats to the Internet. Previous works have used information entropy to detect DDoS flooding attacks. However, these methods usually only used source address as the feature of packets, and ignored other features. Besides, the entropy with single variable also has restricts in abnormal detection. In this paper, we propose a new joint-entropy-based DDoS detection solution with multiple features of packets. We choose flow duration, packet length, source address and destination port as the key features to detect different types of DDoS flooding attacks. We carry out the experiments with simulated campus network based on Software-defined Networking (SDN) architecture. The results show that our proposed method can effectively detect attacks of both forged and non-forged source address, and outperforms the previous single-entropy methods in terms of accuracy and false positive rate.