Skip to main content
Computers and Electrical EngineeringVolume 73, January 2019, Pages 84-96

A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method(Article)(Open Access)

  Save all to author list
  • aSchool of Computing University Union Belgrade, 6/6 Knez Mihailova, Belgrade, Serbia
  • bFaculty of Technical Sciences University of Novi Sad, 6 Trg Dositeja Obradovica, Novi Sad, Serbia
  • cRT-RK Institute for Computer Based Systems, 23a Narodnog Fronta, Novi Sad, Serbia

Abstract

This paper presents a hybrid method for the detection of distributed denial-of-service (DDoS) attacks that combines feature-based and volume-based detection. Our approach is based on an exponential moving average algorithm for decision-making, applied to both entropy and packet number time series. The approach has been tested by performing a controlled DDoS experiment in a real academic network. The network setup and test scenarios including both high-rate and low-rate attacks are described in the paper. The performance of the proposed method is compared to the performance of two methods that are already known in the literature. One is based on the counting of SYN packets and is used for detection of SYN flood attacks, while the other is based on a CUSUM algorithm applied to the entropy time series. The results show the advantage of our approach compared to methods that are based on either entropy or number of packets only. © 2018 Elsevier Ltd

Author keywords

CUSUMDenial of service attackExponential weighted moving averageNetwork securityPacket entropy

Indexed keywords

Engineering controlled terms:Decision makingEntropyNetwork securityTelecommunication trafficTime series
Engineering uncontrolled termsCUSUMCUSUM algorithmsDistributed denial of service attackExponential moving averagesExponential weighted moving averageHybrid detectionPacket numbersTest scenario
Engineering main heading:Denial-of-service attack

Funding details

Funding sponsor Funding number Acronym
Ministarstvo Prosvete, Nauke i Tehnološkog Razvoja44009,III 45003,III 44009-2MPNTR

  • 1

    This research was financially supported by the Ministry of Education, Science and Technological Development of the Republic of Serbia through Projects No. III 45003 and III 44009-2.

  • ISSN: 00457906
  • CODEN: CPEEB
  • Source Type: Journal
  • Original language: English
  • DOI: 10.1016/j.compeleceng.2018.11.004
  • Document Type: Article
  • Publisher: Elsevier Ltd

  Bojović, P.D.; School of Computing University Union Belgrade, 6/6 Knez Mihailova, Belgrade, Serbia;
© Copyright 2018 Elsevier B.V., All rights reserved.

Cited by 50 documents

Pandey, N. , Mishra, P.K.
Conditional entropy-based hybrid DDoS detection model for IoT networks
(2025) Computers and Security
Sowmya, T. , Mary Anita, E.A.
A novel stable feature selection algorithm for machine learning based intrusion detection system
(2025) Procedia Computer Science
Nassar, A.A. , Morsi, W.G.
A Fast and Effective Automated Wavelet-Deep learning-based Method to Detect Cyberattacks in Microgrids with EV Fast Charging Stations
(2024) Canadian Conference on Electrical and Computer Engineering
View details of all 50 citations
Inform me when this document is cited in Scopus:
Set citation alert Set citation feed
{"topic":{"name":"Distributed Denial of Service Attack; Application Layer; Network Security","id":12984,"uri":"Topic/12984","prominencePercentile":94.828316,"prominencePercentileString":"94.828","overallScholarlyOutput":0},"dig":"067371885792d97934befc48ef978597b4523f5aebe04150090d63a805bed205"}

SciVal Topic Prominence

Topic:
Prominence percentile: