Ad Hoc & Sensor Wireless Networks, Vol. 49, pp. 269–288
©2021 Old City Publishing, Inc. Published by license under the OCP Science imprint, a member of the Old City Publishing Group.

Entropy-based DDoS Attack Detection in Cluster-based Mobile Ad Hoc Networks

DEEPA 1,*, KANWALVIR SINGH DHINDSA 2 AND KARANBIR SINGH 3

1 Dept. of Computer Appl., Tilak Raj Chadha Institute of Management & Technology, Yamuna Nagar, Haryana, India
2 Dept. of CSE, Baba Banda Singh Bahadur Engineering College, Fatehgarh Sahib, Punjab, India. E-mail: kdhindsa@gmail.com
3 Dept. of Computer Engg., Seth Jai Parkash Polytechnic, Yamuna Nagar, Haryana, India. E-mail: karan_nehra@yahoo.co.in

Received: August 13, 2019. Accepted: May 4, 2021.

Distributed denial of service (DDoS) attacks are a serious threat to the security of mobile nodes and their communication in mobile ad hoc networks. Several schemes have been suggested in the literature, but they fail to identify DDoS attacks accurately at their early stages. The proposed scheme uses information theory to identify the randomness in the incoming flow by calculating the normalized entropy of cluster heads. Normalized entropy and packet rate values are compared with the entropy and packet rate thresholds, respectively, to identify suspicious activity and suspicious flows. The attack-related information extracted from suspicious flows is exchanged with the neighboring cluster heads to confirm the occurrence of a DDoS attack. Once the occurrence of a DDoS attack is confirmed, all traffic related to it is dropped. Cluster heads further share attack-related information with neighboring clusters to achieve distributed defense. The proposed scheme detects DDoS attacks within short monitoring periods. The simulation results show that the proposed scheme detects 95% of DDoS attacks with high precision and low false alarm rates.

Keywords: Entropy, MANET, DDoS, cluster, attack detection, defense

*Corresponding author: E-mail address: deepa.nehra@gmail.com
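
The following Python sketch illustrates the two-threshold check and neighbor confirmation summarized in the abstract; it is an added example, not the authors' algorithm or code. Assumptions: a flow is a (source, destination) pair, a window is suspicious when normalized entropy falls below the threshold, confirmation requires a neighboring cluster head to report the same destination, and all node names and threshold values are constructed.

```python
import math
from collections import Counter

def normalized_entropy(counts):
    """Shannon entropy of the flow distribution divided by log2(#flows), in [0, 1]."""
    total, n = sum(counts.values()), len(counts)
    if total == 0 or n < 2:
        return 0.0  # one flow (or no traffic) carries no randomness
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(n)

def inspect_window(packets, window_s, entropy_thr, rate_thr):
    """Return (normalized entropy, suspicious flows) for one monitoring window."""
    counts = Counter(packets)            # flow = (source, destination), assumed
    ne = normalized_entropy(counts)
    if ne >= entropy_thr:                # assumed direction: low entropy is suspicious
        return ne, set()
    # Within a suspicious window, flag flows whose packet rate exceeds the rate threshold.
    return ne, {f for f, c in counts.items() if c / window_s > rate_thr}

def confirm(suspicious, neighbor_reports):
    """Assumed rule: keep flows whose destination a neighboring cluster head also reported."""
    reported = set().union(*neighbor_reports)
    return {f for f in suspicious if f[1] in reported}

# Constructed sample windows (1 s each); node names are made up.
NORMAL = [(s, "n2") for s in ("n1", "n3", "n4", "n5") for _ in range(10)]
ATTACK = [("n7", "n2")] * 400 + [(s, "n2") for s in ("n1", "n3", "n4") for _ in range(10)]
ENTROPY_THR, RATE_THR = 0.8, 100.0       # constructed thresholds, not the paper's values

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("attack", ATTACK)):
        ne, flows = inspect_window(window, 1.0, ENTROPY_THR, RATE_THR)
        drop = confirm(flows, [{"n2"}])  # one neighbor reports n2 as a victim
        print(f"{name}: normalized entropy={ne:.3f} suspicious={flows} drop={drop}")
```

In the constructed attack window a single flow carries 400 of 430 packets, so the normalized entropy drops to about 0.24 and only that flow exceeds the rate threshold.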