Dynamic entropy based DoS attack detection method

• Presents dynamic entropy-based model for the detection of DoS attacks based on the theory of alive communication.
• We construct dynamic entropy model of communication system.
• Introduce entropy changing rate and find that dynamic entropy-based method is more sensitive in detecting anomalies.
• ROC curves further verifies the effectiveness of dynamic entropy-based model.
• Dynamic entropy-based model can effectively detect DoS variant attacks and can be applied to large scale network.

Denial of Service (DoS) attack poses a severe threat to the Internet. Entropy-based methods have been successfully used to detect specific types of malicious traffic. This paper presents a novel dynamic entropy-based model for the detection of DoS attack. Based on the theory of alive communication, the dynamic entropy model is constructed by combining the information entropy as well as the feature of netflow conversation correlation. This is the first application of the theory of alive communication in the network anomalies detection. To evaluate the performance of the dynamic entropy model, we compare it with the traditional information entropy model. The experiment results demonstrate the presence of traffic’s dynamic entropy and show that the dynamic entropy keeps stable under normal traffic. By contrast, it fluctuates significantly when the network subjects to DoS attacks. Moreover, the detection rate of dynamic entropy-based model is higher and can detect unknown DoS attacks effectively.

Figure optionsDownload as PowerPoint slide