In information theory, entropies form the basis for distance and divergence measures among probability densities. In this paper we propose a novel metric for detecting DDoS attacks in networks: it uses the function of order *** of the generalized (Rényi) entropy to distinguish DDoS attack traffic from legitimate network traffic effectively. Our proposed approach can not only detect DDoS attacks early (one hop earlier than the Shannon metric when order *** = 2, and two hops earlier when order *** = 10) but also clearly reduce both the false positive rate and the false negative rate compared with the traditional Shannon entropy metric approach.
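As an added illustration (not code from the paper), the sketch below computes the Rényi entropy of a window's per-destination packet distribution at orders 1 (Shannon), 2 and 10 and compares the entropy drop between a baseline window and a window dominated by one destination. The order is written `alpha` here by assumption, and the addresses, packet counts and 1-bit alert threshold are constructed; the paper's hop-based metric is not reproduced.

```python
import math
from collections import Counter

def renyi_entropy(counts, alpha):
    """Rényi entropy in bits of order alpha; alpha == 1 is the Shannon limit."""
    counts = [c for c in counts if c > 0]
    total = sum(counts)
    probs = [c / total for c in counts]
    if alpha == 1:
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1 - alpha)

def entropy_drop(baseline_pkts, window_pkts, alpha):
    """How far the window's entropy falls below the baseline's, in bits."""
    base = renyi_entropy(Counter(baseline_pkts).values(), alpha)
    cur = renyi_entropy(Counter(window_pkts).values(), alpha)
    return base - cur

# Constructed sample data: one destination address per observed packet.
HOSTS = [f"192.0.2.{i}" for i in range(1, 9)]
BASELINE = [h for h in HOSTS for _ in range(100)]   # 8 hosts, evenly loaded
ATTACK = BASELINE + ["192.0.2.1"] * 900             # one host flooded
THRESHOLD_BITS = 1.0                                # assumed alert threshold

def flagged_orders(baseline, window, orders=(1, 2, 10)):
    """Orders at which the entropy drop exceeds the alert threshold."""
    return [a for a in orders
            if entropy_drop(baseline, window, a) > THRESHOLD_BITS]

if __name__ == "__main__":
    for a in (1, 2, 10):
        print(f"order {a:>2}: drop = {entropy_drop(BASELINE, ATTACK, a):.3f} bits")
    print("orders that alert:", flagged_orders(BASELINE, ATTACK))
```

In this constructed case the same flood produces a larger entropy drop at higher orders, so a fixed threshold is crossed at orders 2 and 10 while the Shannon value stays below it.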