{"title":"Collective DDoS Detection by an Entropy-based Method","authors":"Abdenacer Nafir, S. Mazouzi, S. Chikhi","doi":"10.1109/ICTAACS53298.2021.9715209","DOIUrl":null,"url":null,"abstract":"Distributed Denial of Service (DDoS) are known as fearsome and hard to detect and to deal with. We introduce in this paper a collective technique for DDoS detection in wide network areas. Entropy of the distances traveled by the packets is calculated and exchanged between routers in order to locally decide if there is an ongoing DDoS or not. Contrary to most of the similar methods in the literature, that are based on the entropy of source addresses, we have opted for the entropy of the distances traveled by the packets in order to prevent IP spoofing techniques. Collective detection consists in combining decisions within local neighborhoods. Experiments using the platform OMNet++ show the potential of the new technique for efficient collective detection of DDoS attacks.","PeriodicalId":284572,"journal":{"name":"2021 International Conference on Theoretical and Applicative Aspects of Computer Science (ICTAACS)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Theoretical and Applicative Aspects of Computer Science (ICTAACS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICTAACS53298.2021.9715209","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Distributed Denial of Service (DDoS) attacks are known to be fearsome and hard to detect and to deal with. In this paper we introduce a collective technique for DDoS detection in wide network areas. The entropy of the distances traveled by the packets is calculated and exchanged between routers in order to decide locally whether there is an ongoing DDoS. Contrary to most similar methods in the literature, which are based on the entropy of source addresses, we have opted for the entropy of the distances traveled by the packets in order to counter IP spoofing techniques. Collective detection consists of combining decisions within local neighborhoods. Experiments using the OMNeT++ platform show the potential of the new technique for efficient collective detection of DDoS attacks.