Detection of Distributed Denial of Service Attacks Using Entropy on Sliding Window with Dynamic Threshold

The Internet has become an integral part of our day-to-day lives, from remaining connected to accessing information from any part of the world. Distributed Denial of service (DDoS) attacks disrupts the normal functioning of the Internet. Because of DDoS attacks, services over the Internet become inaccessible; regular hosts lose connectivity, etc. DDoS attacks are more dangerous because it is not always possible to differentiate whether an organization is under attack or its' just normal traffic. Therefore, an effective detection mechanism is needed that is computationally less expensive and can detect different types of attacks with good accuracy. Hence, in this paper, we propose Entropy with Dynamic Thresholds to detect DDoS attacks. A dynamic threshold helps us accurately detect an attack in different rates of traffic. To validate our approach, we have used the CICDDoS-2019 attack dataset.