An Entropy based DDoS detection method and implementation

Yücebaş, Süleyman Fürkan
Distributed Denial of Service (DDoS) is a cyber attack type involving multiple computer sources which aims to temporarily or permanently deactivate the service provided by a device. This attack type has been listed multiple times as the most used attack types and has a great portion in all types of cyber attacks. Also, these attacks are increasing day by day and poses a threat for cyber security ecosystem. In today's world, these attacks target worldwide organizations and cause them to suffer. DDoS attacks are easy to employ but hard to prevent. There are various methods to decrease the impact of attacks but none of them are exact solutions. With further research about DDoS detection approaches, it is observed that, methods using statistical approaches have better performance than other approaches. In this thesis, we describe an entropy based detection method and implement our method on software defined networks (SDN). The performance of the method is evaluated for various attack types. We propose the use of multiple entropy values and a novel alarm determination based on these entropy values. We conducted a series of experiments with real datasets for four different attack types to evaluate our method. We compare the effectiveness of our entropy parameter selection (5 single attributes and 10 pair of attributes) to entropy calculation with all 3 elements and 4 elements subsets. The results show that our method detects most common attack types at very early stages.