Detection of different types of distributed denial of service attacks using multiple features of entropy and sequential probabilities ratio test

Distributed Denial of Service (DDoS) is the most dangerous attacks that targeted public servers. It is difficult for victims to detect these kinds of attacks because DDoS attacks can be done remotely and reflected by legal users in the network toward specific victim. The goal of this research is to locate compromised interface and identify different types of DDoS attacks, especially up-to-date kinds of them. Multiple features of Entropy and Sequential Probabilities Ratio Test approach (E-SPRT) was proposed and implemented in order to detect different types of DDoS attacks. CICFlowMeter was used to produce bidirectional network flows and extract 82 of different features from each flow. Multiple features of E-SPRT divide incoming flows into fixed groups that have same number of flows called window size. CICDDoS2019 dataset was chosen in this research because it contains various kinds of recent attacks. The performance of all features of E-SPRT were tested by confusion matrix and compared with other higher-accuracy techniques. Finally, the implemented model with different features detects most up to date DDoS attacks and achieves an accuracy and detection rate almost over 99%.