Detection of distributed denial of service attacks based on information theoretic approach in time series models

Workshop on Information Security Applications (2020)

Abstract
DDoS is becoming one of the most powerful and dangerous cyber-attacks. Tremendous research efforts have already been carried out in the detection of DDoS attacks. Entropy is a statistical measure used for attack detection. A study on variation in the distribution of network traffic features is undertaken in this work. The network traffic parameters that are used for DDoS detection include the destination port, protocol, source IP and destination IP. The entropy of the traffic features is passed through time series models so as to avoid prediction errors. This work uses a nonlinear model called the GARCH model (Generalised ARMA model) to improve detection efficiency, as it is more suitable for long-range non-stationary data series like network traffic. This work focuses on efficient detection of low-rate and high-rate DDoS attacks based on network traffic entropy and time series models with a dynamic threshold algorithm. A stochastic gradient algorithm with a dynamic threshold is used to detect DDoS. The experimental results show a higher detection rate and a lower false positive rate.
Keywords
DDoS attack, Entropy, GARCH model, ARMA model
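
The entropy-plus-dynamic-threshold idea in the abstract, as an added example that is not the paper's code: per-window Shannon entropy of a traffic feature is compared against a forecast band that adapts to the series. The page gives no details of the GARCH model or the stochastic gradient threshold, so an EWMA mean/variance forecast stands in for them; the function names, `alpha`, `k`, `warmup`, `min_sd` and the packet data are all assumptions constructed for illustration.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    counts, n = Counter(values), len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def window_entropies(packets, feature, window):
    """Entropy of one feature (any packet dict key) per fixed-size window."""
    return [shannon_entropy([p[feature] for p in packets[i:i + window]])
            for i in range(0, len(packets) - window + 1, window)]

def detect(series, alpha=0.3, k=3.0, warmup=3, min_sd=0.05):
    """Return indices of windows whose entropy leaves the EWMA forecast band.

    The band is mean +/- k * sd, where mean and variance are exponentially
    weighted (assumed stand-in for the paper's GARCH forecast). The baseline
    is not updated on alerting windows, so an attack cannot retrain it.
    """
    mean, var, alerts = series[0], 0.0, []
    for t, h in enumerate(series[1:], start=1):
        sd = max(math.sqrt(var), min_sd)   # floor avoids a zero-width band
        err = h - mean
        if t >= warmup and abs(err) > k * sd:
            alerts.append(t)
            continue
        mean += alpha * err
        var = (1 - alpha) * (var + alpha * err * err)
    return alerts

def constructed_traffic(windows=12, size=64, attack=(7, 8, 9)):
    """Constructed packets: benign windows, then a spoofed-source flood."""
    packets = []
    for w in range(windows):
        for i in range(size):
            if w in attack:  # many sources, one destination
                pkt = {"src_ip": f"198.51.100.{i}", "dst_ip": "192.0.2.1"}
            else:            # 14 or 16 sources, 4 destinations
                pkt = {"src_ip": f"10.0.0.{(i * 5 + w) % (16 - 2 * (w % 2))}",
                       "dst_ip": f"192.0.2.{(i + w) % 4}"}
            packets.append(pkt)
    return packets

def run():
    pkts = constructed_traffic()
    return {f: detect(window_entropies(pkts, f, 64)) for f in ("src_ip", "dst_ip")}

if __name__ == "__main__":
    print(run())
```

During the constructed flood the source-IP entropy rises while the destination-IP entropy collapses, which is why the abstract tracks several features rather than one.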