A novel feature-based framework enabling multi-type DDoS attacks detection

13Citations
Citations of this article
40Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

Distributed Denial of Service (DDoS) attacks are among the most severe threats in cyberspace. The existing methods are only designed to decide whether certain types of DDoS attacks are ongoing. As a result, they cannot detect other types of attacks, not to mention the even more challenging mixed DDoS attacks. In this paper, we comprehensively analyzed the characteristics of various types of DDoS attacks and innovatively proposed five new features from heterogeneous packets including entropy rate of IP source flow, entropy rate of flow, entropy of packet size, entropy rate of packet size, and number of ICMP destination unreachable packet to detect not only various types of DDoS attacks, but also the mixture of them. The experimental results show that the proposed fives features ranked at the top compared with other common features in terms of effectiveness. Besides, by using these features, our proposed framework outperforms the existing methods when detecting various DDoS attacks and mixed DDoS attacks. The detection accuracy improvements over the existing methods are between 21% and 53%.

Cite

CITATION STYLE

APA

Zhou, L., Zhu, Y., Xiang, Y., & Zong, T. (2023). A novel feature-based framework enabling multi-type DDoS attacks detection. World Wide Web, 26(1), 163–185. https://doi.org/10.1007/s11280-022-01040-3

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free