A DDoS Attack Detection Method Using Conditional Entropy Based on SDN Traffic
To detect each network attack in an SDN environment, an attack detection method is proposed based on an analysis of the features of the attack and the change in entropy of each parameter. Entropy is a parameter used in information theory to express a certain degree of order. However, with the increa...
Main Authors: | Qiwen Tian, Sumiko Miyata |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2023-04-01 |
Series: | IoT |
Subjects: | entropy; SDN; attack detection; DDoS; abnormal traffic; flash crowds |
Online Access: | https://www.mdpi.com/2624-831X/4/2/6 |
_version_ | 1797594141098508288 |
---|---|
author | Qiwen Tian; Sumiko Miyata |
collection | DOAJ |
description | To detect each network attack in an SDN environment, an attack detection method is proposed based on an analysis of the features of the attack and the change in entropy of each parameter. Entropy is a parameter used in information theory to express a certain degree of order. However, with the increasing complexity of networks and the diversity of attack types, existing studies use a single entropy, which does not discriminate correctly between attacks and normal traffic and may lead to false positives. In this paper, we propose new state determination standards that use the normal distribution characteristics of the entropy value at times when no attack occurred and subdivide the normal and abnormal ranges represented by the entropy value, improving the accuracy of attack determination. Furthermore, we show the effectiveness of the proposed method by numerical analysis. |
first_indexed | 2024-03-11T02:19:21Z |
format | Article |
id | doaj.art-5c6f96f0785e45608c8931f75ad60bd0 |
institution | Directory Open Access Journal |
issn | 2624-831X |
language | English |
last_indexed | 2024-03-11T02:19:21Z |
publishDate | 2023-04-01 |
publisher | MDPI AG |
record_format | Article |
series | IoT |
spelling | doaj.art-5c6f96f0785e45608c8931f75ad60bd0; 2023-11-18T10:56:57Z; eng; MDPI AG; IoT; 2624-831X; 2023-04-01; 4; 2; 95; 111; 10.3390/iot4020006; A DDoS Attack Detection Method Using Conditional Entropy Based on SDN Traffic; Qiwen Tian (0); Sumiko Miyata (1); Department of Electrical Engineering and Computer Science, Shibaura Institute of Technology, 3-7-5 Toyosu, Koto-ku, Tokyo 135-8548, Japan; Department of Electrical Engineering and Computer Science, Shibaura Institute of Technology, 3-7-5 Toyosu, Koto-ku, Tokyo 135-8548, Japan; To detect each network attack in an SDN environment, an attack detection method is proposed based on an analysis of the features of the attack and the change in entropy of each parameter. Entropy is a parameter used in information theory to express a certain degree of order. However, with the increasing complexity of networks and the diversity of attack types, existing studies use a single entropy, which does not discriminate correctly between attacks and normal traffic and may lead to false positives. In this paper, we propose new state determination standards that use the normal distribution characteristics of the entropy value at times when no attack occurred and subdivide the normal and abnormal ranges represented by the entropy value, improving the accuracy of attack determination. Furthermore, we show the effectiveness of the proposed method by numerical analysis.; https://www.mdpi.com/2624-831X/4/2/6; entropy; SDN; attack detection; DDoS; abnormal traffic; flash crowds |
title | A DDoS Attack Detection Method Using Conditional Entropy Based on SDN Traffic |
topic | entropy; SDN; attack detection; DDoS; abnormal traffic; flash crowds |
url | https://www.mdpi.com/2624-831X/4/2/6 |