From: Detection of spoofed and non-spoofed DDoS attacks and discriminating them from flash crowds
Notation | Description |
---|---|
H(Sc_IP) | Source entropy |
Sc_IP | Source IP |
p(Sc_IPi) | Probability of source imp |
X i | Number of packets received for Sc_IPi |
H(t_ID) | Traffic entropy |
p(t_ID) | Probability of traffic |
Y i | Number of packets received for (t_ID) |
u,v | Tolerance factors |
(Hc(Sc_IP)) | Current source entropy |
Hc(tID) | Current traffic entropy |
HN(Sc_IP) | Initial source entropy |
HN(t_ID) | Initial traffic entropy |
HN(Sc_IP) + u*σSc_IP)) | Upper threshold source entropy |
(HN(Sc_IP)−u∗σtc_ID)) | Lower threshold source entropy |
HN(tID) − v∗σt_ID)) | Lower threshold traffic entropy |
HN(tID) + v∗σt_ID)) | Upper threshold traffic entropy |
σSc_IP | Standard deviation of source |
σt_ID | Standard deviation of traffic |