AN ABNORMAL-BASED APPROACH TO EFFECTIVELY DETECT DDOS ATTACKS

Distributed Denail-of-Service (DDoS) attacks are a serious threat to the safety and security of cyberspace. In this paper we propose a novel metric to detect DDoS attacks in the Internet. More precisely, we use the function of order alpha of the generalized (Renyi) entropy to distinguish DDoS attacks traffic from legitimate network traffic effectively. In information theory, entropies make up the basis for distance and divergence measures among various probability densities. We design our abnormal-based detection metric using the generalized entropy. The experimental results show that our proposed approach can not only detect DDoS attacks early (it can detect attacks one hop earlier than using the Shannon metric while order alpha = 2, and two hops earlier than the Shannon metric while order alpha = 10.) but can also reduce both the false positive rate and the false negative rate, compared with the traditional Shannon entropy metric approach.