Detecting DDoS Attacks on the Network Edge: An Information-Theoretic Correlation Analysis.

Nowadays, edge computing has become part of the Internet of Things (IoT) that plays a vital role in developing smart applications. As the usage of IoT devices significantly increases, at the same time, network edge infrastructure faces several security challenges. Distributed Denial-of-Service (DDoS) attack is one of the most severe threats to edge-cloud services. Therefore, designing a robust mitigating system is unavoidable for the network edge, and it must be able to recognize emerging attacks. This work proposes an anomaly-based DDoS detection approach that combines information-theoretic metrics and multivariate correlation analysis. The information-theoretic metric captures the randomness and complex nature of traffic behaviour. Similarly, multivariate correlation analysis identifies the relationship among traffic features. Combining information metrics and correlation analysis, we generate normal and attack traffic profiles for the training base to estimate density. The generated profiles build on the metrics including Triangle Area Mapping (TAM) with correlation analysis, Renyi’s divergence, covariance, mean, and standard deviation, which enhances the detection performance of the proposed approach. The effectiveness of the proposed approach is evaluated using testbed and benchmark datasets. The results show that the proposed approach achieves 0.17% and 2.32%, and 0.50% higher accuracy compared to the baseline approaches on the testbed, UNSW and CIC-DDoS datasets, respectively.