Study on detecting DDOS attacks based on information entropy of multidimensional judgment matrix

Building an efficient system for detection of DDoS (distributed denial of service) attacks is essential in network security management. Existing studies on DDOS attacks can be divided into three categories: statistical library building, IP address information entropy, and machine learning, which, however, all suffer some shortcomings: the statistical library algorithm needs massive historical data for training and has low capacities for generalization; machine learning algorithms have complex computing processes and require massive resources; the IP address information entropy algorithm can detect very limited elements of attacks. Therefore, this paper proposes a network quintuple information entropy detection algorithm based on judgment matrix hierarchy analysis, which counts the network quintuple information entropy from 10 to 100% and determines the judgment matrix evaluation model. Experiments showed that our algorithm reached a detection rate of 100% under different intensities of DDOS attacks, while the rate for the algorithms based on source IP and target IP is only 70% and 50%. The experiments have proved that the algorithm presented here has superior detection performance and good generalization capacities.