A DDoS Attack Detection Method Using Conditional Entropy Based on SDN Traffic
TL;DR: In this paper, the authors propose new state determination standards that use the normal distribution characteristics of the entropy value when no attack is occurring and subdivide the normal and abnormal ranges represented by the entropy values, improving the accuracy of attack determination.
Abstract: To detect each network attack in an SDN environment, an attack detection method is proposed based on an analysis of the features of the attack and the change in entropy of each parameter. Entropy is a parameter used in information theory to express a certain degree of order. However, with the increasing complexity of networks and the diversity of attack types, existing studies use a single entropy, which does not discriminate correctly between attacks and normal traffic and may lead to false positives. In this paper, we propose new state determination standards that use the normal distribution characteristics of the entropy value when no attack is occurring and subdivide the normal and abnormal ranges represented by the entropy value, improving the accuracy of attack determination. Furthermore, we show the effectiveness of the proposed method by numerical analysis.
Citations
Overview of DDoS attack detection in Software-Defined Networks
Yixuan Li
TL;DR: This overview systematically reviews the latest progress of DDoS attack detection techniques in SDN environments, focusing on data preprocessing, dimensionality reduction, detection algorithms and challenges.
A Hybrid Deep Learning Model for Detecting DDoS Flooding Attacks in SIP-Based Systems
Osama S. Younes
TL;DR: This study proposes a hybrid deep learning model combining CNN and LSTM to detect DDoS flooding attacks in SIP-based systems, achieving high accuracy and low detection time and outperforming existing schemes on both measures.
Conditional entropy-based hybrid DDoS detection model for IoT networks
Nimisha Pandey, Pramod Kumar Mishra +1 more
Analysis and Identification of Distributed Denial of Service Attacks Using Intra-Domain Messaging Schemes
Setiyo Budiyanto, Lukman Medriavin Silalahi, Imelda Uli Vistalina Simanjuntak, Agus Dendi Rochendi, Septi Andryana, Abdul Hamid, M. Mubarak +6 more
- 10 Aug 2024
TL;DR: This research proposes an Intra-Domain Messaging (I-DM) method to identify and mitigate Distributed Denial-of-Service (DDoS) attacks using a filtering method in Software Defined Networks (SDNs), achieving an 83.4% accuracy rate against IP-Spoofing attacks.
Data Mining Techniques Used for Evaluating an Efficient DDoS Attack Detection System: A Deep-Learning Model
Ahmed Shihab
TL;DR: This study proposes DDoS Net, a deep-learning model for efficient DDoS attack detection in SDN systems, utilizing data mining techniques and neural networks to identify typical attack types, leveraging the CICIDS 2019 dataset for evaluation.