Research Article
OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN
Table 2
Features extracted from different packets.
| Packet type | # | Feature description |
| --- | --- | --- |
| TCP | 1 | Fraction of TCP packets with SYN flag set |
| TCP | 2 | Fraction of TCP packets with ACK flag set |
| TCP | 3 | Entropy of src IP addresses |
| TCP | 4 | Entropy of dst IP addresses |
| TCP | 5 | Entropy of src ports |
| TCP | 6 | Entropy of dst ports |
| TCP | 7 | Entropy of TCP sequences |
| UDP | 8 | Fraction of dst port 1024 UDP packets |
| UDP | 9 | Fraction of dst port 1024 UDP packets |
| UDP | 10 | Entropy of src IP addresses |
| UDP | 11 | Entropy of dst IP addresses |
| UDP | 12 | Entropy of length for UDP packets |
| ICMP | 13 | Entropy of src IP addresses |
| ICMP | 14 | Entropy of dst IP addresses |
| ICMP | 15 | Entropy of TTL values |
| ICMP | 16 | Fraction of ICMP packets in total |