Entropy and Divergence-based DDoS Attack Detection System in IoT Networks

High and low-volume Distributed Denial of Service (DDoS) attacks are critical threats to many Internet of Things (IoT) networks. Low-volume attacks gradually overwhelm the device's resources, whereas high-volume attacks suddenly flood the device's resources, causing a decline in Quality of Service (QoS). Researchers have proposed various methods to detect DDoS attacks based on statistical and Machine Learning (ML) approaches. Research has also shown that statistical approaches are more efficient for IoT networks as they are simpler to develop and have better real-time performance. However, most existing ML and statistical-based detection methods are effective for either high-volume or low-volume attacks but not for both. This paper proposes a novel Entropy and Divergence-based DDoS Attack Detection (EDDAD) system that uses a statistical approach to simultaneously detect high and low-volume DDoS attacks with high accuracy. The EDDAD system computes entropy and Kullback-Leibler (KL) divergence of flow features in a time window to detect malicious traffic in IoT networks with adaptive thresholds that utilize statistical information. Our analysis of experimental results from a real testbed demonstrated that the EDDAD system is effective and can achieve detection accuracy of greater than 90% for both high and low-volume DDoS attacks.