A DDoS Attack Detection Method Using Conditional Entropy Based on SDN Traffic

Abstract

To detect each network attack in an SDN environment, an attack detection method is proposed based on an analysis of the features of the attack and the change in entropy of each parameter. Entropy is a parameter used in information theory to express a certain degree of order. However, with the increasing complexity of networks and the diversity of attack types, existing studies use a single entropy, which does not discriminate correctly between attacks and normal traffic and may lead to false positives. In this paper, we propose new state determination standards that use the normal distribution characteristics of the entropy value at the time which an attack did not occur, subdivide the normal and abnormal range represented by the entropy value, improving the accuracy of attack determination. Furthermore, we show the effectiveness of the proposed method by numerical analysis.