On selection of attributes for entropy based detection of DDoS

Distributed Denial of service (DDoS) attack is an attempt to prevent the legitimate users from using services provided by service providers. This is done through flooding their server with the unnecessary traffic. These attacks are performed on some prestigious web sites like Yahoo, Amazon and on various cloud service providers. The severity of the attack is very high, as a result the server goes down for the indefinite period of time. To detect such attempts, various methods were proposed. In this paper, an entropy-based approach is used to detect the DDoS attack. We have analyzed the effect on the entropy of all the useful packet attributes during DDoS attack and tested their usefulness against famous types of distributed denial of service attacks. During analysis, we have explained the proper choice of attributes one should make to get a better threshold during DDoS detection.