International Journal of Communication Systems, Volume 32, Issue 15, 1 October 2019, Article number e4067

Application of entropy formulas in detection of denial-of-service attacks (Article)

  • (a) Faculty of Technical Sciences, University of Novi Sad, Novi Sad, Serbia
  • (b) Department for Embedded Systems, RT-RK Institute for Computer Based Systems, Novi Sad, Serbia

Abstract

The paper compares five entropy formulas (Shannon, Tsallis, Rényi, Bhatia-Singh, and Ubriaco) and their application in the detection of distributed denial-of-service (DDoS) attacks. The Shannon formula has been used extensively for this purpose for more than a decade. The use of the Tsallis and Rényi formulas in this context has also been proposed. Bhatia-Singh entropy is a novel information metric with promising results in initial applications in this area. Ubriaco proposed an entropy function based on the fractional calculus. In this paper, flow size distribution was used as the input for detection. The type of DDoS attack is SYN flood, and simulation was used to obtain the input dataset. The results show that the Rényi and Bhatia-Singh detectors perform better than the rest. Rényi and Tsallis performed similarly with respect to the true positive rate, but Rényi had a much lower false positive rate. The Bhatia-Singh detector had the best true positive rate but a higher false positive rate than Rényi. The Ubriaco detector performed similarly to the Shannon detector. With respect to detection delay, Tsallis, Ubriaco, and Shannon produced similar results, with a slight advantage associated with the Ubriaco detector, while Rényi and Bhatia-Singh had a larger detection delay than the former three. © 2019 John Wiley & Sons, Ltd.

Author keywords

denial-of-service (DoS) attack; fractional entropy; network security; Rényi entropy; Shannon entropy; Tsallis entropy

Indexed keywords

Engineering controlled terms: Calculations; Network security
Engineering uncontrolled terms: Denial of Service; Distributed denial of service attack; False positive rates; Fractional calculus; Novel information; Shannon entropy; True positive rates; Tsallis entropies
Engineering main heading: Denial-of-service attack

Funding details

  • Funding sponsor: Ministarstvo Prosvete, Nauke i Tehnološkog Razvoja
  • Funding number: 32030, TR32030
  • Acronym: MPNTR

    This work has been partially supported by the Ministry of Education and Science of the Republic of Serbia under project TR32030.

  • ISSN: 10745351
  • CODEN: IJCYE
  • Source Type: Journal
  • Original language: English
  • DOI: 10.1002/dac.4067
  • Document Type: Article
  • Publisher: John Wiley and Sons Ltd

  Basicevic, I.; Faculty of Technical Sciences, University of Novi Sad, Novi Sad, Serbia;
© Copyright 2019 Elsevier B.V., All rights reserved.

Cited by 4 documents

  • Guo, X., Gao, X. A SYN Flood Attack Detection Method Based on Hierarchical Multihead Self-Attention Mechanism. (2022) Security and Communication Networks
  • Singh, J., Jyoti, N., Behal, S. On the use of information theory metrics for detecting DDoS attacks and flash events: An empirical analysis, comparison, and future directions. (2021) Kuwait Journal of Science
  • Galeano-Brajones, J., Carmona-Murillo, J., Valenzuela-Valdés, J.F. Detection and mitigation of DoS and DDoS attacks in IoT-based stateful SDN: An experimental approach. (2020) Sensors (Switzerland)