Evaluation Of Entropy-Based Detection Of Outbound Denial-Of-Service Attacks In Edge Networks

Security and Communication Networks (2015)

Abstract
This paper presents an evaluation of entropy-based network intrusion detection in the case of outbound denial-of-service attacks in edge networks. The detector monitors the entropy of several simple packet distributions: source and destination ports, and the number of packets and bytes transferred. The cumulative sum control chart (CUSUM) algorithm is used for change-point detection. The performance of the entropy-based method has been evaluated in a simulated environment, using the ns2 simulator, and compared with an optimized version of one existing approach, namely CUSUM-based monitoring of the number of synchronize sequence numbers (SYN) packets. The results show that the entropy-based detector does not reach the performance of a method tailored for a specific type of attack but, in the general case, has good performance. The main advantage of the entropy-based detector is its generality, as it supports detection of many different types of attacks and network anomalies. Copyright (c) 2014 John Wiley & Sons, Ltd.
Keywords
network security, intrusion detection, denial-of-service attacks, anomaly-based detection, entropy
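
As an added illustration of the approach the abstract describes (this is not the paper's implementation), the following Python example computes the destination-port entropy of each traffic window and runs a two-sided CUSUM over it to flag change points. The function names, the constructed traffic windows, the standardization against a training prefix, and the parameters `train`, `k` and `h` are all assumptions made for the example.

```python
import math
from collections import Counter

def port_entropy(ports):
    """Shannon entropy (bits) of the empirical port distribution in one window."""
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in Counter(ports).values())

def cusum_alarms(series, train=6, k=0.5, h=5.0):
    """Two-sided CUSUM over standardized entropy; returns alarming window indices.

    train, k (drift) and h (threshold) are assumed values, not the paper's.
    """
    base = series[:train]
    mu = sum(base) / train
    sigma = math.sqrt(sum((x - mu) ** 2 for x in base) / train) or 1e-9
    hi = lo = 0.0
    alarms = []
    for i, x in enumerate(series[train:], start=train):
        z = (x - mu) / sigma
        hi = max(0.0, hi + z - k)   # accumulates upward shifts (entropy rises)
        lo = max(0.0, lo - z - k)   # accumulates downward shifts (entropy falls)
        if hi > h or lo > h:
            alarms.append(i)
            hi = lo = 0.0           # restart the chart after an alarm
    return alarms

def make_windows():
    """Constructed sample: 20 windows of outbound destination ports."""
    windows = []
    for i in range(20):
        j = i % 3                   # small deterministic variation in normal traffic
        w = [80] * (40 + j) + [443] * (40 - j) + [53] * 15 + [22] * 5
        if 12 <= i <= 15:           # constructed flood concentrated on one port
            w += [80] * 400
        windows.append(w)
    return windows

def detect(windows):
    """Entropy per window, then CUSUM change-point detection."""
    return cusum_alarms([port_entropy(w) for w in windows])

if __name__ == "__main__":
    print(detect(make_windows()))
```

The same chart applies unchanged to the other distributions the abstract lists (source ports, packet counts, byte counts); the two-sided form matters because an attack can either concentrate a distribution or spread it out.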