An Intelligent Approach to HTTP Flood DDoS Detection Using Bayes-Entropy
DOI:
https://doi.org/10.15849/ijasca.v18i2.65
Keywords:
DDoS attacks, HTTP flooding, online services, quantitative metrics, networking security
Abstract
One of the most serious cyberattacks on network systems or internet services is the distributed denial of service (DDoS) attack. Even though DDoS attacks can be detected in a variety of ways, the issue still exists. This work sets out the major presumptions around this gap, using mathematical techniques that may effectively identify HTTP flooding DDoS attacks. To stop destructive HTTP flooding DDoS packets from reaching the website, this work presents a powerful mathematical approach based on Bayes-entropy. The traffic is separated into aggregated packets based on time (t), and each aggregated packet is broken down into equal smaller time intervals called events, which are subsequently grouped based on time (t) (equal packet size with the same inter-arrival time). The technique uses Bayes' theorem to calculate the probability of HTTP flooding DDoS attacks inside the group and the entropy equation to calculate the unpredictability within the group. If the computed statistics suggest a high frequency of such attacks and a low amount of randomness in the group under examination, it is categorized as an HTTP flooding DDoS attack; otherwise, it is labeled as normal. Experimental results on the ISCX dataset show that the proposed technique achieves a high accuracy rate of 97.14%.
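The decision rule described in the abstract can be sketched as follows. This is an added illustration, not the paper's code: the event representation as (packet size, inter-arrival time), the prior, the likelihoods and both thresholds are assumptions chosen for the constructed samples.

```python
import math
from collections import Counter

# Assumed parameters (not given in the abstract).
P_ATTACK = 0.5            # prior probability that a window is an attack
P_DOM_GIVEN_ATTACK = 0.9  # P(event falls in dominant group | attack)
P_DOM_GIVEN_NORMAL = 0.3  # P(event falls in dominant group | normal)
ENTROPY_MAX_BITS = 1.0    # assumed cut-off for "low randomness"
POSTERIOR_MIN = 0.5       # assumed cut-off for "high probability"

def group_events(events):
    """Group events that share packet size and inter-arrival time."""
    return Counter(events)

def entropy_bits(groups):
    """Shannon entropy (bits) of the group-size distribution."""
    n = sum(groups.values())
    return -sum((c / n) * math.log2(c / n) for c in groups.values())

def attack_posterior(groups):
    """Bayes' theorem in log-odds form: k of n events hit the dominant group."""
    n, k = sum(groups.values()), max(groups.values())
    log_odds = math.log(P_ATTACK / (1 - P_ATTACK))
    log_odds += k * math.log(P_DOM_GIVEN_ATTACK / P_DOM_GIVEN_NORMAL)
    log_odds += (n - k) * math.log((1 - P_DOM_GIVEN_ATTACK) / (1 - P_DOM_GIVEN_NORMAL))
    log_odds = max(-700.0, min(700.0, log_odds))  # keep exp() in range
    return 1.0 / (1.0 + math.exp(-log_odds))

def classify(events):
    """Return (label, posterior, entropy) for one aggregated time window."""
    if not events:
        raise ValueError("window contains no events")
    groups = group_events(events)
    p, h = attack_posterior(groups), entropy_bits(groups)
    label = "attack" if p > POSTERIOR_MIN and h < ENTROPY_MAX_BITS else "normal"
    return label, p, h

# Constructed sample windows: (packet size in bytes, inter-arrival time in ms).
FLOOD = [(512, 10)] * 19 + [(1400, 250)]  # near-identical requests
NORMAL = [(300 + 60 * (i % 7), 20 * (i % 5 + 1)) for i in range(20)]  # varied

if __name__ == "__main__":
    for name, window in (("flood", FLOOD), ("normal", NORMAL)):
        label, p, h = classify(window)
        print(f"{name}: {label} posterior={p:.4f} entropy={h:.3f} bits")
```
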