Detection of Sources Being Used in DDoS Attacks


Khosroshahi Y., Özdemir E.

6th IEEE International Conference on Cyber Security and Cloud Computing (IEEE CSCloud) / 5th IEEE International Conference on Edge Computing and Scalable Cloud (IEEE EdgeCom), Paris, France, 21 - 23 June 2019, pp.163-168

Abstract

Distributed Denial of Service (DDoS) detection is one of the challenging topics in the cyber defense realm. Detecting this type of attack in its early stages can be beneficial. In this paper, we propose an entropy-based detection framework using the Support Vector Machine (SVM) classification algorithm to detect sources being used in DDoS attacks. This method can stop a Denial of Service (DoS) attack from proceeding on the source devices that are participating in a DDoS botnet. By intercepting outgoing packets from an Android device, the proposed framework extracts packet features within a specific time window. The normal and abnormal network behavior of a user is logged and analyzed using the SVM algorithm. The obtained model is then used as a detection system for malicious activity.
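As an added illustration of the pipeline the abstract describes (this is not the authors' code or data): outgoing packets are bucketed into fixed time windows, per-window entropy features are computed, and a linear SVM trained by stochastic subgradient descent on the hinge loss separates normal windows from flood windows. The feature set (packet count plus entropy of destination IP, destination port and packet length), the 10-second window, and the synthetic normal and SYN-flood-like traffic are assumptions made here, chosen because a source that has been drafted into a flood sends many near-identical packets to one victim, which drives these entropies toward zero.

```python
"""Entropy-over-window features from outgoing packets, classified with a
linear SVM (SGD on hinge loss). Constructed example; feature set, window
length and the synthetic traffic are assumptions, not the paper's data."""
import math
import random
from collections import Counter, defaultdict

WINDOW_S = 10.0  # assumed window length in seconds


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def window_features(packets, window_s=WINDOW_S):
    """Bucket outgoing packets (ts, dst_ip, dst_port, length) into fixed
    windows; return per-window [log2(1+count), H(dst_ip), H(dst_port),
    H(length)] in time order. Floods show a high count and low entropies."""
    buckets = defaultdict(list)
    for ts, dst_ip, dst_port, length in packets:
        buckets[int(ts // window_s)].append((dst_ip, dst_port, length))
    feats = []
    for w in sorted(buckets):
        pk = buckets[w]
        feats.append([math.log2(1 + len(pk))] +
                     [shannon_entropy([p[k] for p in pk]) for k in range(3)])
    return feats


def simulate_window(rng, index, attack, window_s=WINDOW_S):
    """Constructed traffic for one window. Normal: a few dozen packets to
    several hosts/ports with varied sizes. Attack: SYN-flood-like burst of
    identical 60-byte packets to one victim (documentation-range address)."""
    start = index * window_s
    if attack:
        return [(start + rng.random() * window_s, "203.0.113.10", 80, 60)
                for _ in range(rng.randint(500, 2000))]
    hosts = [f"198.51.100.{rng.randint(1, 254)}" for _ in range(rng.randint(5, 15))]
    return [(start + rng.random() * window_s, rng.choice(hosts),
             rng.choice([443, 443, 80, 53, 5228]), rng.randint(60, 1500))
            for _ in range(rng.randint(20, 60))]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def fit_scaler(X):
    """Per-feature mean/std from the training set (std 0 guarded to 1)."""
    d = len(X[0])
    mean = [sum(x[j] for x in X) / len(X) for j in range(d)]
    std = [math.sqrt(sum((x[j] - mean[j]) ** 2 for x in X) / len(X)) or 1.0
           for j in range(d)]
    return mean, std


def scale(X, scaler):
    mean, std = scaler
    return [[(xj - m) / s for xj, m, s in zip(x, mean, std)] for x in X]


def train_linear_svm(X, y, lam=0.01, lr=0.01, epochs=200, seed=0):
    """Primal linear SVM: SGD on lam/2*|w|^2 + hinge loss, labels in {-1,+1}."""
    rng = random.Random(seed)
    w, b, order = [0.0] * len(X[0]), 0.0, list(range(len(X)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            if y[i] * (dot(w, X[i]) + b) < 1:  # inside margin: hinge active
                w = [wj - lr * (lam * wj - y[i] * xj) for wj, xj in zip(w, X[i])]
                b += lr * y[i]
            else:  # only the regularizer pulls on w
                w = [wj - lr * lam * wj for wj in w]
    return w, b


def predict(model, X):
    w, b = model
    return [1 if dot(w, x) + b >= 0 else -1 for x in X]


def build_dataset(seed, n_windows):
    """One trace of n_windows consecutive windows, ~30% of them floods."""
    rng = random.Random(seed)
    labels, packets = [], []
    for i in range(n_windows):
        attack = rng.random() < 0.3
        labels.append(1 if attack else -1)
        packets.extend(simulate_window(rng, i, attack))
    return packets, labels


def demo():
    """Train on one trace, score an independent one; returns test accuracy."""
    train_pkts, train_y = build_dataset(seed=1, n_windows=60)
    test_pkts, test_y = build_dataset(seed=2, n_windows=40)
    scaler = fit_scaler(window_features(train_pkts))
    model = train_linear_svm(scale(window_features(train_pkts), scaler), train_y)
    preds = predict(model, scale(window_features(test_pkts), scaler))
    return sum(p == t for p, t in zip(preds, test_y)) / len(test_y)


if __name__ == "__main__":
    print("held-out accuracy:", demo())
```

On a real device the packet tuples would come from the interception point (for instance a local VPN service on Android that sees every outgoing packet), and the scaler and model would be fitted on the user's own logged normal and abnormal windows, as the abstract describes; the separation here is clean because the constructed flood is extreme, so real deployments should expect to tune the window length and the decision threshold.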