Cusum - Entropy: An efficient method for DDoS attack detection

Ozcelik I., Brooks R. R.

4th International Istanbul Smart Grid Congress and Fair (ICSG), İstanbul, Turkey, 20 - 21 April 2016, pp.85-89 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume:
  • Doi Number: 10.1109/sgcf.2016.7492429
  • City: İstanbul
  • Country: Turkey
  • Page Numbers: pp.85-89
  • Recep Tayyip Erdoğan University Affiliated: Yes


Computers and Internet have evolved into necessary tools for our professional, personal and social lives. As a result of growing dependence, the availability of these systems has become a concern. This concern increases exponentially when considering systems such as smart power grids and public utility services. Therefore, research should be conducted to develop effective ways of detecting system anomalies. Denial of Service attacks are an important problem for the communication systems. Researchers proposed many DDoS detection approaches. In this study, we propose a novel DDoS detection approach: Cusum - Entropy. Our approach performs additional signal processing on the entropy of the packet header field to improve detection efficiency. We tested our approach using operational network traffic and performing DDoS attacks without jeopardizing the operation network. Our results showed that our approach gives high detection and low false positive rates and outperforms the detection approach using the entropy of packet header field.