Adaptive DDoS Detector Design Using Fast Entropy Computation Method

Recently, the threat of DDoS (Distributed Denial-of-Service) attacks is growing continuously and acquiring attacking tools via Internet is getting easy. One of the researches introduced a fast method to detect attacks using modified information entropy (so called Fast Entropy). Fast Entropy shows the significant reduce of computational time compared to conventional entropy computation while it maintains detection accuracy. However, Fast Entropy needs the manual threshold settings during detection process which is not realistic in real detection facility. We introduce adaptive detector with dynamic detection window size and adaptive threshold shifting using Fast Entropy, called AFEA (Adaptive DDoS attack detection using Fast Entropy Approach). Our adaptive DDoS detector successfully demonstrates that its performance of the DDoS detection can be enhanced by the best result of Fast Entropy detection scheme without manual threshold setting and system training while it maintains the same computational time of Fast Entropy detection scheme. In addition, we found that Dynamic AFEA can enhance detection level more than fixed (non-dynamic) one when it is equipped with Fast Entropy.