An Entropy-based Detection for Tracing DDoS Attack Packets using Clustering with Machine Learning
Publisher
Pulchowk Campus
Abstract
The internet has become as vital to everyday life as oxygen. Today it is all about online reputation, internet marketing, online business, online degrees, social media presence and internet banking. Therefore, the availability of the internet is critical for socio-economic growth. One of the serious issues in the current Internet is the denial-of-service (DoS) attack, which prevents legitimate users from being served by servers.

The main step in stopping DDoS attacks is to detect the attack and raise an alarm so that the necessary precautions can be taken. The challenging part for network security is the detection of DDoS attacks. This thesis proposes an approach that aims at detecting DDoS attacks in a network using an entropy-based detection algorithm. The proposed model is developed with the intention of bridging the system complexity incurred in detection by advanced techniques such as machine learning and deep neural networks with a traditional approach such as clustering, without compromising the accuracy those techniques possess. Therefore, an entropy-based technique is hybridized with a machine learning algorithm, K-Nearest Neighbors (KNN), in which entropy is calculated not only on a single parameter but on the parameters source IP, source port, destination IP and destination port, over time windows of 1 sec, 5 sec, 10 sec and 15 sec, and compared with a threshold for each respective parameter. The detection threshold is determined using an unsupervised data mining algorithm and is dynamic in nature. For this, the k-means clustering algorithm is used, since it is much faster than other clustering algorithms. To reduce false alarms and to classify the attacks, the K-Nearest Neighbors (KNN) algorithm is used, which maximizes accuracy compared with clustering alone. A network traffic profile is also maintained, holding the entropies of all the feature parameters mentioned above, which helps in determining the flow pattern. Moreover, packet count per second and average packet length per second are also calculated as additional attributes for precise detection. Since bandwidth usage in the network during an attack is significantly higher than in normal traffic flow, the bandwidth is also monitored closely throughout the testing period.
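The detection pipeline the abstract describes, as an added illustration that is not the thesis's own code: packets are bucketed into fixed time windows, the Shannon entropy of source IP, source port, destination IP and destination port is computed per window together with packets per second and mean packet length, a dynamic threshold per feature is obtained from a two-cluster k-means over the observed window entropies, and a window is flagged when enough features cross their threshold. The packet record layout, the sample traffic (a constructed background load plus a spoofed-source flood in seconds 20-29) and the assumed direction in which a flood moves each entropy are all assumptions of this example; the KNN classification stage is not shown.

```python
import math
import random
from collections import Counter

FEATURES = ("src_ip", "src_port", "dst_ip", "dst_port")
# Assumption of this example: a flood from many spoofed sources toward one
# victim raises source-side entropy and lowers destination-side entropy.
ATTACK_SIDE = {"src_ip": "above", "src_port": "above",
               "dst_ip": "below", "dst_port": "below"}


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def window_features(packets, window):
    """Bucket packets into `window`-second windows and compute, per window,
    the entropy of each header field plus packets/sec and mean length."""
    buckets = {}
    for pkt in packets:
        buckets.setdefault(int(pkt["ts"] // window), []).append(pkt)
    rows = []
    for idx in sorted(buckets):
        pk = buckets[idx]
        row = {"window": idx,
               "pps": len(pk) / window,
               "avg_len": sum(p["length"] for p in pk) / len(pk)}
        for f in FEATURES:
            row["H_" + f] = shannon_entropy([p[f] for p in pk])
        rows.append(row)
    return rows


def kmeans_threshold(values, iters=100):
    """Dynamic threshold: 1-D k-means with k=2 (seeded at min and max);
    the threshold is the midpoint between the two final centroids."""
    lo, hi = min(values), max(values)
    if lo == hi:
        return lo
    c = [lo, hi]
    for _ in range(iters):
        groups = ([], [])
        for v in values:
            groups[0 if abs(v - c[0]) <= abs(v - c[1]) else 1].append(v)
        new = [sum(g) / len(g) if g else c[i] for i, g in enumerate(groups)]
        if new == c:
            break
        c = new
    return (c[0] + c[1]) / 2


def detect(packets, window, min_votes=2):
    """Return indices of windows where at least `min_votes` features cross
    their k-means threshold on the attack side."""
    rows = window_features(packets, window)
    thresholds = {f: kmeans_threshold([r["H_" + f] for r in rows]) for f in FEATURES}
    flagged = []
    for r in rows:
        votes = 0
        for f in FEATURES:
            h, t = r["H_" + f], thresholds[f]
            if (ATTACK_SIDE[f] == "above" and h > t) or \
               (ATTACK_SIDE[f] == "below" and h < t):
                votes += 1
        if votes >= min_votes:
            flagged.append(r["window"])
    return flagged


def synthetic_traffic(seed=1):
    """Constructed sample: 30 s of background traffic (5 clients, 3 servers),
    plus a small-packet flood from spoofed sources to one host on port 80
    during seconds 20-29. Addresses are documentation ranges."""
    rng = random.Random(seed)
    clients = [f"10.0.0.{i}" for i in range(1, 6)]
    servers = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
    pkts = []
    for sec in range(30):
        for _ in range(20):  # background: 20 packets/sec
            pkts.append({"ts": sec + rng.random(), "src_ip": rng.choice(clients),
                         "src_port": rng.randint(1024, 65535),
                         "dst_ip": rng.choice(servers),
                         "dst_port": rng.choice([80, 443]),
                         "length": rng.randint(60, 1500)})
        if sec >= 20:
            for _ in range(200):  # flood: 200 packets/sec, spoofed sources
                pkts.append({"ts": sec + rng.random(),
                             "src_ip": f"198.51.100.{rng.randint(1, 254)}",
                             "src_port": rng.randint(1024, 65535),
                             "dst_ip": "192.0.2.10", "dst_port": 80,
                             "length": 60})
    return pkts


if __name__ == "__main__":
    traffic = synthetic_traffic()
    for r in window_features(traffic, 5):
        print({k: round(v, 2) if isinstance(v, float) else v for k, v in r.items()})
    print("flagged 5 s windows:", detect(traffic, 5))
```

Running the block with 5-second windows flags windows 4 and 5 (seconds 20-29): source IP and source port entropy jump while destination IP and port entropy collapse, and the same windows also show the tenfold rise in packets per second and the drop in mean packet length that the abstract uses as supporting attributes. The two-cluster k-means seeded at the minimum and maximum is the simplest dynamic threshold that fits the text's description; a production detector would re-estimate it over a sliding history rather than over the batch being judged.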