An efficient and reliable DDoS attack detection using a fast entropy computation method

The threat of distributed denial of service (DDoS) has become a major issue in network security and is difficult to detect because all DDoS traffics have normal packet characteristics. Various detection and defense algorithms have been studied. One of them is an entropy-based intrusion detection approach that is a powerful and simple way to identify abnormal conditions from network channels. However, the burden of computing information entropy values from heavy flow still exists. To reduce the computing time, we have developed a DDoS detection scheme using a compression entropy method. It allows us to significantly reduce the computation time for calculating information entropy. However, our experiment suggests that the compression entropy approach tends to be too sensitive to verify real network attacks and produces many false negatives. In this paper, we propose a fast entropy scheme that can overcome the issue of false negatives and will not increase the computational time. Our simulation shows that the fast entropy computing method not only reduced computational time by more than 90% compared to conventional entropy, but also increased the detection accuracy compared to conventional and compression entropy approaches.