An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined

Daneshgadeh, Salva; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife

doi:10.1109/iccnc.2019.8685632

Cited by 8 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to entropy theory, if one event is more likely to occur than another, then the amount of information that can be determined based on observations of that event is small [ 40 , 41 ]. Conversely, more information can be obtained by observing rare events [ 42 , 43 ]. Several approaches have been proposed to utilize the Shannon entropy or information entropy to understand the interaction between pedestrians and external conditions.…”

Section: Methodsmentioning

confidence: 99%

The Feasibility of Information-Entropy-Based Behavioral Analysis for Detecting Environmental Barriers

Lee

Hwang

Kim

2021

IJERPH

View full text Add to dashboard Cite

The enhancement of physical activity is highly correlated with the conditions of the built environment. Walking is considered to be a fundamental daily physical activity, which requires an appropriate environment. Therefore, the barriers of the built environment should be identified and addressed. Barriers can act as external stimuli for pedestrians, so pedestrians may diversely respond to them. Based on this consideration, this study examines the feasibility of information-entropy-based behavioral analysis for the detection of environmental barriers. The physical responses of pedestrians were collected using an inertial measurement unit (IMU) sensor in a smartphone. After the acquired data were converted to behavioral probability distributions, the information entropy of each grid cell was calculated. The grid cells whereby the participants indicated that environmental barriers were present yielded relatively high information entropy values. The findings of this study will facilitate the design of more pedestrian-friendly environments and the development of diverse approaches that utilize citizens for monitoring the built environment.

show abstract

Section: Methodsmentioning

confidence: 99%

The Feasibility of Information-Entropy-Based Behavioral Analysis for Detecting Environmental Barriers

Lee

Hwang

Kim

2021

IJERPH

View full text Add to dashboard Cite

show abstract

“…Paper [25] presented a novel network intrusion detection system using Shannon Entropy and traffic distributions of the source port. Paper [26] proposed a hybrid DDoS detection method, which integrates Kernel Online Anomaly Detection (KOAD), Shannon Entropy, and Mahalanobis Distance. In this study, Shannon Entropy is utilized with an online machine learning method to detect malicious traffic including DDoS attacks and Flash Event traffic.…”

Section: Entropy-based Technologiesmentioning

confidence: 99%

“…As the measure of uncertainty, entropy can be used to summarize feature distributions in a compact form [22]. ere are many forms of entropy, but only a few have been applied to network anomaly detection [23][24][25][26][27]. On this basis, we apply a Euclidean Distance-Based Multiscale Fuzzy Entropy (EDM-Fuzzy) algorithm which we proposed to detect abnormal network traffic as a useful supplement of other approaches.…”

Section: Introductionmentioning

confidence: 99%

Characterizing Network Anomaly Traffic with Euclidean Distance-Based Multiscale Fuzzy Entropy

Zhou

Xiao

Yang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

The prosperity of mobile networks and social networks brings revolutionary conveniences to our daily lives. However, due to the complexity and fragility of the network environment, network attacks are becoming more and more serious. Characterization of network traffic is commonly used to model and detect network anomalies and finally to raise the cybersecurity awareness capability of network administrators. As a tool to characterize system running status, entropy-based time-series complexity measurement methods such as Multiscale Entropy (MSE), Composite Multiscale Entropy (CMSE), and Fuzzy Approximate Entropy (FuzzyEn) have been widely used in anomaly detection. However, the existing methods calculate the distance between vectors solely using the two most different elements of the two vectors. Furthermore, the similarity of vectors is calculated using the Heaviside function, which has a problem of bouncing between 0 and 1. The Euclidean Distance-Based Multiscale Fuzzy Entropy (EDM-Fuzzy) algorithm was proposed to avoid the two disadvantages and to measure entropy values of system signals more precisely, accurately, and stably. In this paper, the EDM-Fuzzy is applied to analyze the characteristics of abnormal network traffic such as botnet network traffic and Distributed Denial of Service (DDoS) attack traffic. The experimental analysis shows that the EDM-Fuzzy entropy technology is able to characterize the differences between normal traffic and abnormal traffic. The EDM-Fuzzy entropy characteristics of ARP traffic discovered in this paper can be used to detect various types of network traffic anomalies including botnet and DDoS attacks.

show abstract

“…They used a support vector machine (SVM) and two other statistical techniques, Shannon entropy and kernel online anomaly detection (KOAD). They found that Shannon entropy showed improved results when combined with the other two methods in recognizing DDoS attacks and flash events [ 24 ]. Ozcelik and Brooks reported a method called CUSUM-Entropy to detect DDoS attacks.…”

Section: Related Workmentioning

confidence: 99%

Identification of Distributed Denial of Services Anomalies by Using Combination of Entropy and Sequential Probabilities Ratio Test Methods

Ali

Sulaiman

Al-Haddad

et al. 2021

Sensors

View full text Add to dashboard Cite

One of the most dangerous kinds of attacks affecting computers is a distributed denial of services (DDoS) attack. The main goal of this attack is to bring the targeted machine down and make their services unavailable to legal users. This can be accomplished mainly by directing many machines to send a very large number of packets toward the specified machine to consume its resources and stop it from working. We implemented a method using Java based on entropy and sequential probabilities ratio test (ESPRT) methods to identify malicious flows and their switch interfaces that aid them in passing through. Entropy (E) is the first technique, and the sequential probabilities ratio test (SPRT) is the second technique. The entropy method alone compares its results with a certain threshold in order to make a decision. The accuracy and F-scores for entropy results thus changed when the threshold values changed. Using both entropy and SPRT removed the uncertainty associated with the entropy threshold. The false positive rate was also reduced when combining both techniques. Entropy-based detection methods divide incoming traffic into groups of traffic that have the same size. The size of these groups is determined by a parameter called window size. The Defense Advanced Research Projects Agency (DARPA) 1998, DARPA2000, and Canadian Institute for Cybersecurity (CIC-DDoS2019) databases were used to evaluate the implementation of this method. The metric of a confusion matrix was used to compare the ESPRT results with the results of other methods. The accuracy and f-scores for the DARPA 1998 dataset were 0.995 and 0.997, respectively, for the ESPRT method when the window size was set at 50 and 75 packets. The detection rate of ESPRT for the same dataset was 0.995 when the window size was set to 10 packets. The average accuracy for the DARPA 2000 dataset for ESPRT was 0.905, and the detection rate was 0.929. Finally, ESPRT was scalable to a multiple domain topology application.

show abstract

An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined

Cited by 8 publications

References 17 publications

The Feasibility of Information-Entropy-Based Behavioral Analysis for Detecting Environmental Barriers

The Feasibility of Information-Entropy-Based Behavioral Analysis for Detecting Environmental Barriers

Characterizing Network Anomaly Traffic with Euclidean Distance-Based Multiscale Fuzzy Entropy

Identification of Distributed Denial of Services Anomalies by Using Combination of Entropy and Sequential Probabilities Ratio Test Methods

Contact Info

Product

Resources

About