Deakin University
Browse

File(s) under permanent embargo

Effective DDoS attacks detection using generalized entropy metric

journal contribution
posted on 2009-07-31, 00:00 authored by Ke Li, Wanlei Zhou, Shui Yu, B Dai
In information theory, entropies make up of the basis for distance and divergence measures among various probability densities. In this paper we propose a novel metric to detect DDoS attacks in networks by using the function of order α of the generalized (Rényi) entropy to distinguish DDoS attacks traffic from legitimate network traffic effectively. Our proposed approach can not only detect DDoS attacks early (it can detect attacks one hop earlier than using the Shannon metric while order α=2, and two hops earlier to detect attacks while order α=10.) but also reduce both the false positive rate and the false negative rate clearly compared with the traditional Shannon entropy metric approach.

History

Journal

Lecture notes in computer science

Volume

5574

Pagination

266 - 280

Publisher

Springer

Location

Heidelberg, Germany

ISSN

0302-9743

eISSN

1611-3349

Language

eng

Publication classification

C2 Other contribution to refereed journal

Copyright notice

2009, Springer-Verlag Berlin Heidelberg

Usage metrics

    Research Publications

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC