{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T21:36:56Z","timestamp":1776548216493,"version":"3.51.2"},"reference-count":34,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2016,10,1]],"date-time":"2016-10-01T00:00:00Z","timestamp":1475280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"<jats:p>Distributed denial-of-service (DDoS) attack is one of the major threats to the web server. The rapid increase of DDoS attacks on the Internet has clearly pointed out the limitations in current intrusion detection systems or intrusion prevention systems (IDS\/IPS), mostly caused by application-layer DDoS attacks. Within this context, the objective of the paper is to detect a DDoS attack using a multilayer perceptron (MLP) classification algorithm with genetic algorithm (GA) as learning algorithm. In this work, we analyzed the standard EPA-HTTP (environmental protection agency-hypertext transfer protocol) dataset and selected the parameters that will be used as input to the classifier model for differentiating the attack from normal profile. The parameters selected are the HTTP GET request count, entropy, and variance for every connection. The proposed model can provide a better accuracy of 98.31%, sensitivity of 0.9962, and specificity of 0.0561 when compared to other traditional classification models.<\/jats:p>","DOI":"10.3390\/e18100350","type":"journal-article","created":{"date-parts":[[2016,10,3]],"date-time":"2016-10-03T10:17:01Z","timestamp":1475489821000},"page":"350","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":50,"title":["Entropy-Based Application Layer DDoS Attack Detection Using Artificial Neural Networks"],"prefix":"10.3390","volume":"18","author":[{"given":"Khundrakpam","family":"Johnson Singh","sequence":"first","affiliation":[{"name":"Department of Computer Science and Engineering, National Institute of Technology, Durgapur 713209, India"}]},{"given":"Khelchandra","family":"Thongam","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, National Institute of Technology, Manipur 795001, India"}]},{"given":"Tanmay","family":"De","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering, National Institute of Technology, Durgapur 713209, India"}]}],"member":"1968","published-online":{"date-parts":[[2016,10,1]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"308","DOI":"10.1016\/j.comnet.2015.02.026","article-title":"DDoS attack protection in the era of cloud computing and Software-Defined Networking","volume":"81","author":"Wang","year":"2015","journal-title":"Comput. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1353-4858(13)70058-8","article-title":"Preparing for the next DDoS attack","volume":"2013","author":"McGregory","year":"2013","journal-title":"Netw. Secur."},{"key":"ref_3","first-page":"12","article-title":"Distributed Denial of Service (DDoS) Mitigation Tools","volume":"5","author":"Hunter","year":"2003","journal-title":"Netw. Secur."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"436","DOI":"10.1016\/j.comnet.2012.06.021","article-title":"Dissecting SpyEye\u2013Understanding the design of third generation botnets","volume":"57","author":"Sood","year":"2013","journal-title":"Comput. Netw."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1016\/j.future.2014.03.003","article-title":"DDoS defense system for web services in a cloud environment","volume":"37","author":"Vissers","year":"2014","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/S1353-4858(12)70075-2","article-title":"Simple ways to dodge the DDoS bullet","volume":"2012","author":"Malecki","year":"2012","journal-title":"Netw. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"432","DOI":"10.1016\/j.procs.2012.06.056","article-title":"Tackling application-layer DDoS attacks","volume":"10","author":"Beitollahi","year":"2012","journal-title":"Procedia Comput. Sci."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1080\/02564602.2015.1098576","article-title":"An Intelligent ICMPv6 DDoS Fooding-attack Detection Framework (v6IIDS) Using Back-Propagation Neural Network","volume":"33","author":"Saad","year":"2015","journal-title":"IETE Tech. Rev."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"821315","DOI":"10.1155\/2013\/821315","article-title":"Real-time detection of application-layer DDoS attack using time series analysis","volume":"2013","author":"Ni","year":"2013","journal-title":"J. Control Sci. Eng."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1016\/j.mcm.2011.02.025","article-title":"A new multistage approach to detect subtle DDoS attacks","volume":"55","author":"Wang","year":"2012","journal-title":"Math. Comput. Model."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1016\/j.neucom.2015.04.101","article-title":"Detection of known and unknown DDoS attacks using Artificial Neural Networks","volume":"172","author":"Saied","year":"2015","journal-title":"Neurocomputing"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1016\/j.comcom.2015.06.012","article-title":"Detecting DDoS attacks against data center with correlation analysis","volume":"67","author":"Xiao","year":"2015","journal-title":"Comput. Commun."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"782","DOI":"10.1016\/j.cose.2012.06.002","article-title":"Real time DDoS detection using fuzzy estimators","volume":"31","author":"Shiaeles","year":"2012","journal-title":"Comput. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1016\/j.cose.2014.10.013","article-title":"Deceiving entropy based DoS detection","volume":"48","author":"Brooks","year":"2015","journal-title":"Comput. Secur."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Yatagai, T., Isohara, T., and Sasase, I. (2007, January 22\u201324). Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior. Proceedings of the IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Victoria, BC, Canada.","DOI":"10.1109\/PACRIM.2007.4313218"},{"key":"ref_16","unstructured":"Ko, N.-S., Noh, S.-K., Park, J.-D., Lee, S.-S., and Park, H.-S. (2010, January 11\u201314). An efficient anti-DDoS mechanism using flow-based forwarding technology. Proceedings of the 9th International Conference on Optical Internet (COIN 2010), Jeju, Korea."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1016\/j.comnet.2016.08.023","article-title":"A distributed filtering mechanism against DDoS attacks: ScoreForCore","volume":"108","author":"Kalkan","year":"2016","journal-title":"Comput. Netw."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1016\/j.adhoc.2013.11.006","article-title":"IEEE 802.11 DoS attack detection and mitigation utilizing Cross Layer Design","volume":"14","author":"Soryal","year":"2014","journal-title":"Ad Hoc Netw."},{"key":"ref_19","unstructured":"EPA-HTTP, Available online: http:\/\/ita.ee.lbl.gov\/html\/contrib\/EPA-HTTP.html."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1109\/TII.2012.2183138","article-title":"Performance of HTTP protocol in networked control systems","volume":"9","author":"Jestratjew","year":"2013","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"307","DOI":"10.1016\/j.jnca.2013.08.001","article-title":"Network attacks: Taxonomy, tools and systems","volume":"40","author":"Hoque","year":"2014","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.procs.2015.04.007","article-title":"DDoS Attack Detection Using Fast Entropy Approach on Flow-Based Network Traffic","volume":"50","author":"David","year":"2015","journal-title":"Procedia Comput. Sci."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"605","DOI":"10.1016\/j.asoc.2015.06.046","article-title":"GA-based learning for rule identification in fuzzy neural networks","volume":"35","author":"Dahal","year":"2015","journal-title":"Appl. Soft Comput."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"390","DOI":"10.1016\/j.neucom.2012.07.020","article-title":"Computation of multilayer perceptron sensitivity to input perturbation","volume":"99","author":"Yang","year":"2013","journal-title":"Neurocomputing"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"4710","DOI":"10.1016\/j.eswa.2011.09.082","article-title":"Evolutionary RBF classifier for polarimetric SAR images","volume":"39","author":"Ince","year":"2012","journal-title":"Expert Syst. Appl."},{"key":"ref_26","first-page":"300","article-title":"Integrating Global and Local Application of Naive Bayes Classifier","volume":"11","author":"Kotsiantis","year":"2014","journal-title":"Int. Arab J. Inf. Technol."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Aung, W.T., Myanma, Y., and Hla, K.H.M.S. (2009, January 7\u201311). Random forest classifier for multi-category classification of web pages. Proceedings of the IEEE Asia-Pacific Conference on Services Computing, Singapore, Singapore.","DOI":"10.1109\/APSCC.2009.5394100"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Schubert, C.M., Oxley, M.E., and Bauer, K.W. (2005, January 25\u201328). A comparison of ROC curves for label-fused within and across classifier systems. Proceedings of the 7th International Conference on Information Fusion, Philadelphia, PA, USA.","DOI":"10.1109\/ICIF.2005.1591885"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Jaswal, K., Kumar, P., and Rawat, S. (2015, January 2\u20134). Design and development of a prototype application for intrusion detection using data mining. Proceedings of the 4th International Conference on Infocom Technologies and Optimization, Noida, India.","DOI":"10.1109\/ICRITO.2015.7359266"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.cose.2013.11.005","article-title":"A framework for generating realistic traffic for Distributed Denial-of-Service attacks and Flash Events","volume":"40","author":"Bhatia","year":"2014","journal-title":"Comput. Secur."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Thapngam, T., Yu, S., Zhou, W., and Beliakov, G. (2011, January 10\u201315). Discriminating DDoS attack traffic from flash crowd through packet arrival patterns. Proceedings of the IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Shanghai, China.","DOI":"10.1109\/INFCOMW.2011.5928950"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Oikonomou, G., and Mirkovic, J. (2009, January 14\u201318). Modeling human behavior for defense against flash-crowd attacks. Proceedings of the IEEE International Conference on Communications, Dresden, Germany.","DOI":"10.1109\/ICC.2009.5199191"},{"key":"ref_33","unstructured":"The CAIDA \u201cDDoS Attack 2007\u201d Dataset. Available online: https:\/\/www.caida.org\/data\/passive\/ddos-20070804_dataset.xml."},{"key":"ref_34","unstructured":"LANDER: Los Angeles Network Data Exchange and Repository. Available online: http:\/\/www.isi.edu\/ant\/lander."}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/18\/10\/350\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T19:32:18Z","timestamp":1760211138000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/18\/10\/350"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,1]]},"references-count":34,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2016,10]]}},"alternative-id":["e18100350"],"URL":"https:\/\/doi.org\/10.3390\/e18100350","relation":{},"ISSN":["1099-4300"],"issn-type":[{"value":"1099-4300","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,10,1]]}}}