DDoS Detection and Prevention Based on Joint Entropy and Conditional Entropy
Distributed Denial of Service (DDoS) imposes a very serious threat to the stability of the Internet. Compared with many detection approaches, detecting DDoS attacks based on entropy has advantages such as simplicity, high sensitivity and low false positive rate. But the method with single attribute entropy has high false positive rate when detecting attribute forged attacks. This paper presents a detecting method based on joint entropy and a filtering way based on conditional entropy. The efficiency of this scheme is validated with simulation on the research lab network.
Y. H. Gu and W. M. Wu, "DDoS Detection and Prevention Based on Joint Entropy and Conditional Entropy", Key Engineering Materials, Vols. 474-476, pp. 2129-2133, 2011