# A practical approach to detection of distributed denial-of-service   attacks using a hybrid detection method

**Authors:** P.D. Bojovic, I. Basicevic, S. Ocovaj, M. Popovic

arXiv: 1812.05450 · 2018-12-14

## TL;DR

This paper introduces a hybrid DDoS detection method combining feature and volume analysis using exponential moving averages, tested on real network data, outperforming existing entropy or packet count-based methods.

## Contribution

The paper presents a novel hybrid detection approach that integrates entropy and packet volume analysis with exponential moving averages for improved DDoS detection.

## Key findings

- The hybrid method outperforms single-metric approaches.
- Effective detection of both high-rate and low-rate DDoS attacks.
- Validated on real network traffic with controlled experiments.

## Abstract

This paper presents a hybrid method for the detection of distributed denial-of-service (DDoS) attacks that combines feature-based and volume-based detection. Our approach is based on an exponential moving average algorithm for decision-making, applied to both entropy and packet number time series. The approach has been tested by performing a controlled DDoS experiment in a real academic network. The network setup and test scenarios including both high-rate and low-rate attacks are described in the paper. The performance of the proposed method is compared to the performance of two methods that are already known in the literature. One is based on the counting of SYN packets and is used for detection of SYN flood attacks, while the other is based on a CUSUM algorithm applied to the entropy time series. The results show the advantage of our approach compared to methods that are based on either entropy or number of packets only.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.05450/full.md

## Figures

16 figures with captions in the complete paper: https://tomesphere.com/paper/1812.05450/full.md

## References

23 references — full list in the complete paper: https://tomesphere.com/paper/1812.05450/full.md

---
Source: https://tomesphere.com/paper/1812.05450