Abstract
Entropy-based features have been widely utilized for detecting DDoS attacks in recent years. However, existing approaches mainly focus on using a small number of entropy-based features to distinguish attack traffic from normal traffic. The drawback of this approach is that it limits the type of DDoS attacks that can be detected. To overcome this problem, we proposed a set of new entropy-based features that help to detect DDoS attacks accurately and introduced a novel multi classifier system based on the proposed set of multiple entropy-based features and machine learning classifiers to increase the generality and accuracy of detecting low-intensity and high-intensity DDoS attacks. We have tested and evaluated using datasets of different intensities. Experiment results showed that our approach achieved higher precision and higher recall values compared to several state-of-the-art approaches. Our approach generates consistent results as being the best or second best classifier in four different types of datasets containing different types of attack intensities.