Entropy Methods for DDoS Attacks Detection in Telecommunication Systems

The given article is devoted to the protection of telecommunications networks from DDoS-attacks. The goal is the synthesis of DDoS-attacks detection method which is not related to the attacks parameters and parameters of network and transport layers. A universal sign of attack emergence can be appearance of information measure anomaly of both total traffic and its certain characteristics. On the basis of this hypothesis a method for the detection of DDoS-attacks based on entropy of network traffic is developed in the article. It is reasonable to base the solution for information anomaly detection on recursive procedures of estimation of current entropy state. The entropy itself must be formed on the basis of sample in the assigned window. The use of this method is demonstrated on the example of abrupt and smooth emergence of attack.