On the use of information theory metrics for detecting DDoS attacks and flash events: an empirical analysis, comparison, and future directions


Bibliographic Details
Main Authors: Jagdeep Singh, Navjot Jyoti, Sunny Behal
Format: Article
Language: English
Published: Elsevier 2021-08-01
Series: Kuwait Journal of Science
Subjects:
Online Access: https://journalskuwait.org/kjs/index.php/KJS/article/view/10612
Description
Summary: A Distributed Denial of Service (DDoS) attack is one of the most lethal threats that can cripple the computing and communication resources of a web server hosting Internet-based services and applications. Over the years, it has motivated researchers to find diverse and robust solutions to combat DDoS attacks. In recent times, the volume of legitimate traffic has also grown manifold. This results in behavioural similarities between attack traffic and legitimate traffic, which makes it difficult to differentiate between the two. Predominantly, flow-based techniques are used to distinguish legitimate traffic flows from attack traffic flows. Over the last decade, information theory has been extensively used for flow-based DDoS defense solutions. This paper elucidates the efficacy and effectiveness of various information-theoretic entropy and divergence measures in the field of DDoS attack detection. The proposed generalized detection methodology has been validated using different detection-system evaluation metrics such as detection rate (recall), precision, F-measure, FPR and classification rate, as well as Receiver Operating Characteristic (ROC) curves. It has been observed that the generalized divergence-based metrics achieve higher accuracy in detecting different types of attack flows than entropy-based metrics.
ISSN: 2307-4108; 2307-4116