Using Renyi Cross Entropy to Analyze Traffic Matrix and Detect DDoS Attacks

Keywords: traffic matrix, Renyi cross entropy, DDoS attack, anomaly detection, traffic analysis



In this study, we propose using Renyi cross entropy to analyze traffic matrices and detect anomalies, in place of other entropy metrics, such as Shannon entropy, that were used extensively in many earlier studies. First, we introduce a new type of traffic, termed IF-flow (internal flow), collected in the router. IF-flow makes attack traffic more conspicuous within a large volume of normal traffic, so that attacks, especially DDoS attacks, are spotted more easily. Then, an analysis of the Renyi cross entropy of the IF-flow traffic matrix and the Abilene traffic matrix confirms that the traffic matrix distribution is locally stable in time. This conclusion provides guidance for detecting anomalies accurately. Finally, Renyi cross entropy is used to detect the DDoS attacks present in the IF-flow testing data set and the Abilene testing data set. The results of the detection experiments show that the Renyi cross entropy based method can detect DDoS attacks at their beginning, with a higher detection rate and a lower false alarm rate than the Shannon entropy based method.

