Research Article
A Traffic Cluster Entropy Based Approach to Distinguish DDoS Attacks from Flash Event Using DETER Testbed
Table 5
Comparative analysis of source and traffic cluster entropy for normal, flash, and attack traffic.
| | | Source address entropy range | Traffic cluster entropy range | Traffic received by server |
| | Normal traffic | 3.815607–4.125917 | 2.728398–2.772241 | 210 kbps–260 kbps | | Normal traffic with UDP and TCP attacks | 3.815607–6.378821 | 2.714725–5.526648 | 400 kbps–440 kbps | | Flash traffic | 5.290918–5.721889 | 2.701708–2.776293 | 375 kbps–450 kbps |
|
|
