Abstract

The Internet of Things (IoT) comprises connected devices that collaborate, individually and collectively, to perform numerous tasks and deliver services to users. Distributed denial of service (DDoS) attacks aim to exhaust the resources of the target by sending enormous volumes of inessential traffic from numerous sources. IoT systems, generally being resource-constrained networks, are highly vulnerable to DDoS attacks. We aim to detect DDoS attacks with a rule-based detection method that uses information theory metrics. Variation in the entropy of traffic features beyond a threshold is an indicator of a change in the density of traffic to a network. In this paper, we present a performance analysis of different parameters associated with entropy variation-based detection of DDoS attacks. Three feature sets were used to study the impact of entropy variation on detection. Further, we have analysed the three kinds of entropy used for the detection, namely Shannon entropy, generalized entropy, and ϕ-entropy. In addition, the thresholds for entropy values have been determined in two ways, i.e. [average − standard deviation, average + standard deviation] and [lower quartile, upper quartile]. We found that the quartile-based threshold generally gave better recall and accuracy, and more consistent results with respect to the window sizes. We also found that ϕ-entropy gave better overall results than Shannon entropy and generalized entropy. Therefore, the combination of ϕ-entropy and a quartile-based threshold is found to be the best set of parameters for identifying DDoS attacks.
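The windowed detection rule described in the abstract, as an added example that is not code from the paper: it computes Shannon entropy per window and applies both threshold styles. The feature (packet source label), the window size of 8, the use of population standard deviation and inclusive quartiles, and the traffic samples are all assumptions constructed for illustration; generalized entropy and ϕ-entropy are left out because the abstract does not give their formulas.

```python
import math
import statistics
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    total = len(values)
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(values).values())

def window_entropies(feature, window_size):
    """Entropy of each consecutive non-overlapping window of a feature stream."""
    return [shannon_entropy(feature[i:i + window_size])
            for i in range(0, len(feature) - window_size + 1, window_size)]

def std_band(baseline):
    """[average - standard deviation, average + standard deviation]."""
    mean, sd = statistics.mean(baseline), statistics.pstdev(baseline)
    return mean - sd, mean + sd

def quartile_band(baseline):
    """[lower quartile, upper quartile]."""
    q1, _, q3 = statistics.quantiles(baseline, n=4, method="inclusive")
    return q1, q3

def flag(entropies, band):
    """True for every window whose entropy falls outside the band."""
    low, high = band
    return [not (low <= h <= high) for h in entropies]

WINDOW = 8  # packets per window (assumed value)
# Constructed attack-free traffic: source label of each packet, five windows.
BASELINE = list("aabbccdd" "aaaabbcd" "aabbccdd" "aaaabbcd" "aabbccdd")
# Constructed observed traffic: a normal window, one dominant source,
# then a window in which every packet has a different source.
OBSERVED = list("aabbccdd" "xxxxxxxa" "stuvwxyz")

def detect(band_fn):
    """Learn a band from baseline windows, then flag observed windows."""
    band = band_fn(window_entropies(BASELINE, WINDOW))
    return flag(window_entropies(OBSERVED, WINDOW), band)

if __name__ == "__main__":
    print("entropies:", window_entropies(OBSERVED, WINDOW))
    print("std band :", detect(std_band))
    print("quartiles:", detect(quartile_band))
```

Both a drop in entropy (one source dominating the window) and a rise (many previously unseen sources) fall outside the learned band, which is why the rule tests both bounds.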
