An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection

Bibliographic Details
Published in: Pattern Recognition Letters, Vol. 51, pp. 1-7
Main Authors: Bhuyan, Monowar H., Bhattacharyya, D.K., Kalita, J.K.
Format: Journal Article
Language: English
Published: Elsevier B.V., 01-01-2015
Description
Summary:
• Most common information metrics used in detecting DDoS attacks are discussed.
• Empirical evaluation of information metrics for detecting DDoS attack is presented.
• These metrics are evaluated using several real-life DDoS datasets.

Distributed Denial of Service (DDoS) attacks represent a major threat to uninterrupted and efficient Internet service. In this paper, we empirically evaluate several major information metrics, namely, Hartley entropy, Shannon entropy, Renyi’s entropy, generalized entropy, Kullback–Leibler divergence and generalized information distance measure in their ability to detect both low-rate and high-rate DDoS attacks. These metrics can be used to describe characteristics of network traffic data and an appropriate metric facilitates building an effective model to detect both low-rate and high-rate DDoS attacks. We use MIT Lincoln Laboratory, CAIDA and TUIDS DDoS datasets to illustrate the efficiency and effectiveness of each metric for DDoS detection.

ISSN: 0167-8655, 1872-7344
DOI: 10.1016/j.patrec.2014.07.019