ERM: an accurate approach to detect DDoS attacks using entropy rate measurement

The challenges from Distributed Denial-of-Service (DDoS) attacks are severe and still increasing significantly. We observe that the existing entropy-based methods only consider the probability distribution of traffic flows that have high false negative rates. On the other hand, sophisticated attack strategies, increasing attack strength and dynamic nature of network traffic patterns make it more difficult to detect the DDoS attacks with high accuracy. In this letter, we present an accurate approach, entropy rate measurement (ERM), to detect DDoS attacks. The proposed approach is based on the differences between the probability distributions and the number of flows. Both theoretical proofs and the results of experiments using real datasets demonstrate that our method has high detection accuracy rate compared to the existing measurements.