Research Article
OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN
Table 2
Features extracted from different packets.
| | Packet type | # | Feature description |
| | TCP | 1 | Fraction of TCP packets with SYN flag set | | 2 | Fraction of TCP packets with ACK flag set | | 3 | Entropy of src IP addresses | | 4 | Entropy of dst IP addresses | | 5 | Entropy of src ports | | 6 | Entropy of dst ports | | 7 | Entropy of TCP sequences |
| | UDP | 8 | Fraction of dst port 1024 UDP packets | | 9 | Fraction of dst port 1024 UDP packets | | 10 | Entropy of src IP addresses | | 11 | Entropy of dst IP addresses | | 12 | Entropy of length for UDP packets |
| | ICMP | 13 | Entropy of src IP addresses | | 14 | Entropy of dst IP addresses | | 15 | Entropy of TTL values | | 16 | Fraction of ICMP packets in total |
|
|
