Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation
DDoS constitutes a significant danger to network security, frequently employing anomalous traffic patterns to impede services. DDoS detection can be executed by an entropy-based anomaly detection approach, which juxtaposes the entropy value with the threshold $\delta$...
| Main Authors: | Juri Pebrianto, Vera Suryani |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | DDoS detection; entropy-based detection; dynamic threshold; suspicious IP reevaluation; k-dynamic adjustment |
| Online Access: | https://ieeexplore.ieee.org/document/10935601/ |

| _version_ | 1849737001305112576 |
|---|---|
| author | Juri Pebrianto Vera Suryani |
| author_facet | Juri Pebrianto Vera Suryani |
| author_sort | Juri Pebrianto |
| collection | DOAJ |
| description | DDoS constitutes a significant danger to network security, frequently employing anomalous traffic patterns to impede services. DDoS detection can be executed by an entropy-based anomaly detection approach, which juxtaposes the entropy value with the threshold $\delta$. Nonetheless, prior research indicates that the threshold $\delta$ with a static k as the threshold sensitivity parameter is inadequate for detecting attacks on dynamic traffic patterns. This study presents two significant innovations: the re-evaluation of suspect IPs and the dynamic adjustment of the threshold via the parameter $k_{\text{dynamic}}$. Reevaluation is utilised to address dubious IPs that evade initial identification due to erratic traffic patterns, whereas $k_{\text{dynamic}}$ is engineered to enhance detection sensitivity by automatic adaptability to traffic fluctuations. The experimental results indicate that the method incorporating re-evaluation of suspect IPs enhances detection accuracy. Concurrently, the method utilising $k_{\text{dynamic}}$ demonstrates enhanced detection efficacy while minimising the necessity for human modification of the k parameter. The suggested method, through these advances, surmounts the limits of prior systems, facilitating more efficient and adaptive detection of complicated attack traffic patterns. |
| format | Article |
| id | doaj-art-fbc4bfd1f89a4c95af4ebdbe9d6e4c5d |
| institution | DOAJ |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-fbc4bfd1f89a4c95af4ebdbe9d6e4c5d; 2025-08-20T03:07:05Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 55858; 55876; 10.1109/ACCESS.2025.3553144; 10935601; Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation; Juri Pebrianto 0 https://orcid.org/0000-0002-9345-4567; Vera Suryani 1; School of Computing, Telkom University, Bandung, Indonesia; School of Computing, Telkom University, Bandung, Indonesia; DDoS constitutes a significant danger to network security, frequently employing anomalous traffic patterns to impede services. DDoS detection can be executed by an entropy-based anomaly detection approach, which juxtaposes the entropy value with the threshold $\delta$. Nonetheless, prior research indicates that the threshold $\delta$ with a static k as the threshold sensitivity parameter is inadequate for detecting attacks on dynamic traffic patterns. This study presents two significant innovations: the re-evaluation of suspect IPs and the dynamic adjustment of the threshold via the parameter $k_{\text{dynamic}}$. Reevaluation is utilised to address dubious IPs that evade initial identification due to erratic traffic patterns, whereas $k_{\text{dynamic}}$ is engineered to enhance detection sensitivity by automatic adaptability to traffic fluctuations. The experimental results indicate that the method incorporating re-evaluation of suspect IPs enhances detection accuracy. Concurrently, the method utilising $k_{\text{dynamic}}$ demonstrates enhanced detection efficacy while minimising the necessity for human modification of the k parameter. The suggested method, through these advances, surmounts the limits of prior systems, facilitating more efficient and adaptive detection of complicated attack traffic patterns.; https://ieeexplore.ieee.org/document/10935601/; DDoS detection; entropy-based detection; dynamic threshold; suspicious IP reevaluation; k-dynamic adjustment |
| spellingShingle | Juri Pebrianto Vera Suryani Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation IEEE Access DDoS detection entropy-based detection dynamic threshold suspicious IP reevaluation k-dynamic adjustment |
| title | Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation |
| title_full | Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation |
| title_fullStr | Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation |
| title_full_unstemmed | Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation |
| title_short | Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation |
| title_sort | adaptive ddos attack detection entropy based model with dynamic threshold and suspicious ip reevaluation |
| topic | DDoS detection entropy-based detection dynamic threshold suspicious IP reevaluation k-dynamic adjustment |
| url | https://ieeexplore.ieee.org/document/10935601/ |
| work_keys_str_mv | AT juripebrianto adaptiveddosattackdetectionentropybasedmodelwithdynamicthresholdandsuspiciousipreevaluation AT verasuryani adaptiveddosattackdetectionentropybasedmodelwithdynamicthresholdandsuspiciousipreevaluation |