DDoS Attack Detection using Fast Entropy Approach on Flow-Based Network Traffic

Denial of service attack and Distributed Denial of Service attacks are becoming an increasingly frequent disturbance of the global Internet. In this paper we propose improvement in detection of Distributed Denial of Service attacks based on fast entropy method using flow-based analysis. An adaptive threshold algorithm is made use of since both network activities and user's behavior could vary over time. Fast Entropy and flow-based analysis show significant reduction in computational time compared to conventional entropy computation while maintaining good detection accuracy. The network traffic is analyzed and fast entropy of request per flow is calculated. DDoS attack is detected when the difference between entropy of flow count at each instant and mean value of entropy in that time interval is greater than the threshold value that is updated adaptively based on traffic pattern condition to improve the detection accuracy. (C) 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).