Adaptive DDoS Attack Detection: Entropy-Based Model With Dynamic Threshold and Suspicious IP Reevaluation

Bibliographic Details
Main Authors: Juri Pebrianto, Vera Suryani
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/10935601/
Description
Summary: DDoS attacks pose a significant danger to network security, frequently using anomalous traffic patterns to disrupt services. DDoS detection can be performed with an entropy-based anomaly detection approach, which compares the entropy value against a threshold $\delta$. However, prior research indicates that a threshold $\delta$ computed with a static $k$ as the threshold-sensitivity parameter is inadequate for detecting attacks in dynamic traffic patterns. This study presents two main innovations: the re-evaluation of suspect IPs and the dynamic adjustment of the threshold via the parameter $k_{\text{dynamic}}$. Re-evaluation addresses suspicious IPs that evade initial identification because of erratic traffic patterns, whereas $k_{\text{dynamic}}$ is designed to improve detection sensitivity by adapting automatically to traffic fluctuations. The experimental results indicate that the method incorporating re-evaluation of suspect IPs improves detection accuracy, and that the method using $k_{\text{dynamic}}$ improves detection efficacy while minimising the need for manual adjustment of the $k$ parameter. Through these advances, the proposed method overcomes the limits of prior systems, enabling more efficient and adaptive detection of complex attack traffic patterns.
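The abstract describes the mechanism only in outline: per-window entropy compared against a threshold $\delta$, a sensitivity parameter $k$ that is adjusted automatically, and a second look at IPs that escaped the first check. The Python program below is an added illustration of that pipeline and is not the authors' code. The paper's actual formulas for $\delta$, $k_{\text{dynamic}}$ and the re-evaluation step are not given on this page, so the following choices are assumptions made for the example: the threshold is a band $\mu \pm k\sigma$ over the source-IP entropies of recent benign windows; $k_{\text{dynamic}}$ scales $k$ so that the band is a fixed fraction of the baseline mean, clamped to $[k_{\min}, k_{\max}]$; and re-evaluation confirms a source that stays above a per-window traffic share for several consecutive windows even when no single window trips the band. All traffic windows are constructed sample data using documentation IP ranges.

```python
"""Entropy-based DDoS detection with a baseline-driven k and suspect-IP re-evaluation.

Added illustration, not the paper's code. The threshold band, the k rule and the
strike-based re-evaluation are assumptions chosen for this example.
"""
from collections import Counter, deque
from dataclasses import dataclass, field
import math
import statistics


def shannon_entropy(symbols):
    """Shannon entropy in bits of the empirical distribution of `symbols`."""
    n = len(symbols)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(symbols).values())


@dataclass
class WindowResult:
    entropy: float
    k: float
    low: float          # delta_low  = mu - k*sigma
    high: float         # delta_high = mu + k*sigma
    anomalous: bool     # entropy fell outside [low, high]
    confirmed: set = field(default_factory=set)  # source IPs judged to be attackers


class EntropyDetector:
    """Source-IP entropy per window against a band mu +/- k*sigma from benign history."""

    def __init__(self, dynamic=True, k_base=2.0, k_min=1.0, k_max=4.0,
                 band_fraction=0.05, history=10, suspect_share=0.1, strikes_needed=3):
        self.dynamic = dynamic                  # False: static k_base, True: k_dynamic()
        self.k_base, self.k_min, self.k_max = k_base, k_min, k_max
        self.band_fraction = band_fraction      # assumed rule: k*sigma == band_fraction*mu
        self.suspect_share = suspect_share      # share of a window that makes a source a suspect
        self.strikes_needed = strikes_needed    # consecutive suspect windows before confirmation
        self.benign = deque(maxlen=history)     # entropies of windows accepted as benign
        self.strikes = {}                       # suspect IP -> consecutive suspect windows

    def train(self, windows):
        for w in windows:
            self.benign.append(shannon_entropy(w))

    def baseline(self):
        if len(self.benign) < 2:
            raise ValueError("train on at least two benign windows first")
        mu, sigma = statistics.fmean(self.benign), statistics.pstdev(self.benign)
        if sigma == 0:
            raise ValueError("baseline has no variance; train on more varied traffic")
        return mu, sigma

    def k_dynamic(self):
        """Assumed k rule: make the band band_fraction*mu wide, clamped to [k_min, k_max]."""
        mu, sigma = self.baseline()
        return max(self.k_min, min(self.k_max, self.band_fraction * mu / sigma))

    def observe(self, window):
        mu, sigma = self.baseline()
        k = self.k_dynamic() if self.dynamic else self.k_base
        h = shannon_entropy(window)
        low, high = mu - k * sigma, mu + k * sigma
        anomalous = not (low <= h <= high)
        n = len(window)
        suspects = {ip for ip, c in Counter(window).items() if c / n >= self.suspect_share}
        # Re-evaluation: a suspect keeps its strike count only while it stays a suspect.
        self.strikes = {ip: self.strikes.get(ip, 0) + 1 for ip in suspects}
        confirmed = set(suspects) if anomalous else set()
        confirmed |= {ip for ip in suspects if self.strikes[ip] >= self.strikes_needed}
        for ip in confirmed:
            self.strikes.pop(ip, None)
        if not anomalous and not confirmed:
            self.benign.append(h)   # only clean windows update the baseline
        return WindowResult(h, k, low, high, anomalous, confirmed)


# ---- constructed sample traffic (documentation address ranges) -------------
def make_window(counts):
    """Constructed window: a list of source IPs built from {ip: packet count}."""
    return [ip for ip, c in counts.items() for _ in range(c)]


def singles(n):
    return {f"198.51.100.{j}": 1 for j in range(n)}


def benign_window(i):
    """16-packet benign window; odd windows have one (different) source sending twice."""
    return make_window(singles(16) if i % 2 == 0 else {**singles(14), f"203.0.113.{i}": 2})


def run_demo():
    """Regular baseline, a benign burst, a low-and-slow source, a flood, a noisy baseline."""
    training = [benign_window(i) for i in range(10)]       # entropies alternate 4.0 / 3.875
    dyn, static = EntropyDetector(dynamic=True), EntropyDetector(dynamic=False, k_base=2.0)
    dyn.train(training)
    static.train(training)
    out = {"k_after_training": dyn.k_dynamic()}
    burst = make_window({**singles(12), "203.0.113.50": 2, "203.0.113.51": 2})  # H = 3.75, benign
    out["burst_static"], out["burst_dynamic"] = static.observe(burst), dyn.observe(burst)
    slow = make_window({**singles(14), "192.0.2.7": 2})    # H = 3.875, never trips the band
    out["slow"] = [dyn.observe(slow) for _ in range(3)]    # caught on the third strike
    flood = make_window({**singles(4), "192.0.2.66": 12})  # H ~ 1.31, trips the band at once
    out["flood"] = dyn.observe(flood)
    noisy = EntropyDetector()                              # baseline alternating 4.0 / 2.5
    noisy.train([make_window(singles(16) if i % 2 == 0 else {**singles(8), "203.0.113.9": 8})
                 for i in range(10)])
    out["k_noisy"] = noisy.k_dynamic()                     # clamps down to k_min
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

With the constructed traffic, the static detector with $k = 2$ flags the benign burst window because the regular baseline gives a very narrow band, while the dynamic rule widens $k$ to about 3.15 and lets it through; on the noisy baseline the same rule clamps $k$ to $k_{\min}$. The low-and-slow source never pushes a window's entropy outside the band, so it is confirmed only by re-evaluation on its third consecutive suspect window, whereas the flood is confirmed immediately because the window itself is anomalous.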
ISSN: 2169-3536