Entropy-based DDoS Attack Detection in Cluster-based Mobile Ad Hoc Networks
Deepa, Kanwalvir Singh Dhindsa, and Karanbir Singh

Distributed denial of service (DDoS) attacks are a major threat to the security of mobile nodes and their communication in mobile ad hoc networks (MANETs). Several schemes have been suggested in the literature, but they have failed to identify DDoS attacks accurately at their early stages. The proposed scheme uses information theory to identify the randomness in the incoming flow by calculating the normalized entropy of cluster heads. The normalized entropy and packet rate values are compared with the entropy and packet rate thresholds, respectively, to identify suspicious activity and suspicious flows. The attack-related information extracted from suspicious flows is exchanged with the neighboring cluster heads to confirm the occurrence of a DDoS attack. Once a DDoS attack is confirmed, all traffic related to it is dropped. Cluster heads further share attack-related information with neighboring clusters to achieve distributed defense. The proposed scheme detects DDoS attacks within short monitoring periods. The simulation results show that the proposed scheme detects 95% of DDoS attacks with high precision and low false alarm rates.

Keywords: Entropy, MANET, DDoS, Cluster, Attack Detection, Defense
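
The per-window check described in the abstract, as an added Python example that is not the authors' code. Assumptions: a flow is a (source, destination) pair, normalized entropy below the threshold marks a window as suspicious, and a victim is confirmed when at least one neighboring cluster head reports it; all names, thresholds and packet data are constructed.

```python
import math
from collections import Counter

def normalized_entropy(counts):
    """Shannon entropy of the per-flow packet counts divided by log2(number of flows)."""
    total, n = sum(counts), len(counts)
    if n < 2 or total == 0:
        return 0.0  # a single flow (or no traffic) carries no randomness
    h = -sum((c / total) * math.log2(c / total) for c in counts if c)
    return h / math.log2(n)

def inspect_window(packets, window_s, entropy_thr, rate_thr):
    """packets: (src, dst) pairs seen by one cluster head in one monitoring window.
    Returns (normalized entropy, window suspicious?, suspicious flows)."""
    flows = Counter(packets)
    ne = normalized_entropy(list(flows.values()))
    suspicious = ne < entropy_thr  # assumed direction of the entropy comparison
    flagged = []
    if suspicious:
        # Within a suspicious window, flag flows above the packet rate threshold.
        flagged = sorted(f for f, c in flows.items() if c / window_s > rate_thr)
    return ne, suspicious, flagged

def confirmed_victims(flagged, neighbor_reports):
    """Assumed confirmation rule: a destination flagged locally is confirmed
    when at least one neighboring cluster head reports the same destination."""
    local = {dst for _, dst in flagged}
    seen_by_neighbors = set().union(*neighbor_reports) if neighbor_reports else set()
    return local & seen_by_neighbors

# Constructed traffic: six evenly loaded flows, then three high-rate flows to node n9.
NORMAL = [(f"n{i}", f"n{i + 1}") for i in range(1, 7) for _ in range(10)]
ATTACK = ([(a, "n9") for a in ("a1", "a2", "a3") for _ in range(300)]
          + [(f"n{i}", f"n{i + 1}") for i in range(1, 4) for _ in range(10)])

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("attack", ATTACK)):
        ne, suspicious, flagged = inspect_window(window, 1.0, 0.8, 100)
        print(name, round(ne, 3), suspicious, flagged)
        print("  confirmed:", confirmed_victims(flagged, [{"n9"}]))
```
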

