DDOS attack detection using packet size interval

Distributed Denial-of-Service (DDoS) attacks are a great threat to the Internet. Enabling accurately detection of Distribute Denial-of-Service attacks is important because it is the foundation of defense against the attacks. In this paper, we focus on the distribution difference of the packet size between normal traffic flows and attack traffic flows and propose an entropy-based detection measurement. The measurement can highlights the characteristics of attack traffic. The experimental results show that the proposed measurement can effectively and clearly distinguish attack flows from normal flows in both low and high packet rate.