Research Commons

      Effectiveness of entropy-based features in high-and low-intensity DDoS attacks detection

      Koay, Abigail; Welch, Ian; Seah, Winston K.G.
      Files
      IWSEC_2019_Camera_Ready_PDF_44-2.pdf
      Accepted version, 1.574Mb
      DOI
       10.1007/978-3-030-26834-3_12
      Citation
      Koay, A., Welch, I., & Seah, W. K. G. (2019). Effectiveness of entropy-based features in high-and low-intensity DDoS attacks detection. In N. Attrapadung & T. Yagi (Eds.), Proceedings of 14th International Workshop on Security (IWSEC 2019), Advances in Information and Computer Security, LNCS 11689 (pp. 207–217). Tokyo, Japan: Springer. https://doi.org/10.1007/978-3-030-26834-3_12
      Permanent Research Commons link: https://hdl.handle.net/10289/13008
      Abstract
      DDoS attack detection using entropy-based features in network traffic has become a popular approach among researchers in the last five years. The use of traffic distribution features constructed using entropy measures has been proposed as a better approach to detect Distributed Denial of Service (DDoS) attacks compared to conventional volumetric methods, but it still lacks in the generality of detecting various intensity DDoS attacks accurately. In this paper, we focus on identifying effective entropy-based features to detect both high- and low-intensity DDoS attacks by exploring the effectiveness of entropy-based features in distinguishing the attack from normal traffic patterns. We hypothesise that using different entropy measures, window sizes, and entropy-based features may affect the accuracy of detecting DDoS attacks. This means that certain entropy measures, window sizes, and entropy-based features may reveal attack traffic amongst normal traffic better than the others. Our experimental results show that using Shannon, Tsallis and Zhou entropy measures can achieve a clearer distinction between DDoS attack traffic and normal traffic than Rényi entropy. In addition, the window size setting used in entropy construction has minimal influence in differentiating between DDoS attack traffic and normal traffic. The result of the effectiveness ranking shows that the commonly used features are less effective than other features extracted from traffic headers.
      Date
      2019
      Type
      Conference Contribution
      Publisher
      Springer
      Rights
      © Springer Nature Switzerland AG 2019. This is the author's accepted version. The final publication is available at Springer via dx.doi.org/10.1007/978-3-030-26834-3_12
      Collections
      • Computing and Mathematical Sciences Papers [1454]

      The University of Waikato - Te Whare Wānanga o Waikato