Abstract
Distributed Denial of Service (DDoS) attacks, whether at the application or network layer, continue to be a critical threat to the Internet. In a DDoS attack, attackers run a massive number of queries through the victim's search engine or database to bring the server down. This massive number of queries produces very high traffic within a short period of time. On the Internet, however, researchers have also identified a legitimate form of high traffic, known as a flash crowd, where a very large number of users simultaneously access a popular web site; the resulting surge in traffic may make the site virtually unreachable. Hence the need to discriminate between DDoS attack traffic and flash crowds. In this project, a hybrid discrimination mechanism is proposed to detect DDoS attacks using various features that characterize DDoS traffic and distinguish it from flash crowds. These features include, among others, the entropy variation, the information distance, and the correlation coefficient.
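The three features the abstract names can be computed from per-source packet counts observed over a window. The block below is an added example, not code from the paper: it constructs two sample windows (a flash crowd of uncoordinated users and a DDoS run from a common tool), computes source-address entropy and its variation against a baseline window, a Jeffrey (symmetric Kullback-Leibler) information distance between flow rate distributions, and the mean pairwise Pearson correlation coefficient of the flows. The sample data, the Jeffrey form of the distance, the decision thresholds and the `classify` rule are all assumptions made for illustration.

```python
"""Added example (not the paper's code): entropy variation, information
distance and flow correlation computed over constructed traffic windows."""
import math
from itertools import combinations
from statistics import mean

# Constructed sample: packets per source over six consecutive 1 s intervals.
# Flash crowd: independent users, so their rate patterns are dissimilar.
FLASH_CROWD = {
    "198.51.100.11": [3, 8, 2, 9, 4, 7],
    "198.51.100.12": [6, 2, 7, 5, 9, 1],
    "198.51.100.13": [5, 5, 4, 8, 3, 6],
    "198.51.100.14": [2, 9, 6, 3, 7, 4],
}
# DDoS: bots driven by the same tool, so their rate patterns move together.
DDOS = {
    "203.0.113.21": [50, 52, 49, 51, 50, 48],
    "203.0.113.22": [51, 53, 50, 52, 51, 49],
    "203.0.113.23": [49, 51, 48, 50, 49, 47],
    "203.0.113.24": [100, 104, 98, 102, 100, 96],
}
# Constructed quiet window used as the entropy baseline.
BASELINE = {"198.51.100.5": [4, 3, 5, 4, 3, 4], "198.51.100.6": [2, 3, 2, 3, 2, 3]}


def source_entropy(flows):
    """Shannon entropy (bits) of the share of packets contributed by each source."""
    totals = [sum(series) for series in flows.values()]
    grand = sum(totals)
    return -sum((t / grand) * math.log2(t / grand) for t in totals if t > 0)


def entropy_variation(previous, current):
    """Change in source entropy between two windows; a jump signals a surge."""
    return source_entropy(current) - source_entropy(previous)


def _normalise(series):
    total = sum(series)
    return [x / total for x in series]


def _kl(a, b):
    """Kullback-Leibler divergence D(a||b) in nats; infinite if b lacks mass a has."""
    total = 0.0
    for ai, bi in zip(a, b):
        if ai == 0:
            continue
        if bi == 0:
            return math.inf
        total += ai * math.log(ai / bi)
    return total


def jeffrey_distance(p, q):
    """Symmetric KL divergence between two rate distributions (0 when identical)."""
    return _kl(p, q) + _kl(q, p)


def pearson(x, y):
    """Pearson correlation coefficient of two equal-length series (0 if flat)."""
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def mean_flow_correlation(flows):
    """Average correlation over all pairs of flows in the window."""
    return mean(pearson(a, b) for a, b in combinations(flows.values(), 2))


def mean_information_distance(flows):
    """Average Jeffrey distance between the normalised rate patterns of flow pairs."""
    return mean(jeffrey_distance(_normalise(a), _normalise(b))
                for a, b in combinations(flows.values(), 2))


def classify(flows, corr_threshold=0.7, distance_threshold=0.1):
    """Assumed decision rule: flows that move together AND have near-identical
    rate distributions are labelled DDoS; any other surge is a flash crowd."""
    coordinated = mean_flow_correlation(flows) >= corr_threshold
    similar = mean_information_distance(flows) <= distance_threshold
    return "ddos" if coordinated and similar else "flash_crowd"


if __name__ == "__main__":
    for name, window in (("flash crowd", FLASH_CROWD), ("ddos", DDOS)):
        print(name,
              "entropy variation", round(entropy_variation(BASELINE, window), 3),
              "correlation", round(mean_flow_correlation(window), 3),
              "distance", round(mean_information_distance(window), 4),
              "->", classify(window))
```

Both windows show a positive entropy variation against the baseline (more sources appear), so entropy alone only detects the surge; it is the low information distance and the high correlation between bot flows that separate the DDoS window from the flash crowd, which is why the abstract combines the metrics rather than relying on one.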
This work is supported by Abu Dhabi University’s Faculty Research Incentive Grant.
© 2016 Springer-Verlag Berlin Heidelberg
Cite this paper
Elhadef, M. (2016). A Multimetric Approach for Discriminating Distributed Denial of Service Attacks from Flash Crowds. In: Park, J., Chao, HC., Arabnia, H., Yen, N. (eds) Advanced Multimedia and Ubiquitous Engineering. Lecture Notes in Electrical Engineering, vol 354. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47895-0_3
DOI: https://doi.org/10.1007/978-3-662-47895-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-47894-3
Online ISBN: 978-3-662-47895-0
eBook Packages: Engineering (R0)