Title :
DDoS Attack Detection Using Flow Entropy and Clustering Technique
Author :
Xi Qin;Tongge Xu;Chao Wang
Author_Institution :
Beijing Key Lab. of Network Technol. Sch. of Comput. Sci. &
Abstract :
Distributed Denial of Service (DDoS) is already one of the most serious threats to network security, and entropy-based approaches to DDoS attack detection are appealing because they provide more detailed insights than traditional traffic volume-based methods. In this paper, we propose a novel entropy-based DDoS attack detection approach that constructs entropy vectors of different features from traffic flows, models normal patterns using a clustering analysis algorithm, and then detects deviations from the created models. Compared to traditional work, our method differs by selecting more comprehensive features to construct clustering models and by setting detection thresholds automatically based on the traffic models. The experimental results demonstrate that the proposed approach not only outperforms traditional methods in terms of detection accuracy, but also shows certain availability in an actual application environment.
Keywords :
"Entropy","Computer crime","Feature extraction","Training data","Measurement","Training","Clustering algorithms"
Conference_Title :
Computational Intelligence and Security (CIS), 2015 11th International Conference on
DOI :
10.1109/CIS.2015.105