Discriminating DDoS flows from flash crowds using information distance Yu, Shui, Thapngam, Theerasak, Liu, Jianwen, Wei, Su and Zhou, Wanlei 2009, Discriminating DDoS flows from flash crowds using information distance, in NSS 2009 : Proceedings of the third International Conference on Network and System Security, IEEE, Piscataway, N. J., pp. 351-356. Attached Files Name Description MIMEType Size Downloads yu-discriminatingddosflows-2009.pdf Published version application/pdf 220.17KB 1235 Title Discriminating DDoS flows from flash crowds using information distance Author(s) Yu, Shui orcid.org/0000-0003-4485-6743 Thapngam, Theerasak Liu, Jianwen Wei, Su Zhou, Wanlei orcid.org/0000-0002-1680-2521 Conference name Network and System Security International Conference (3rd : 2009 : Gold Coast, Queensland) Conference location Gold Coast, Queensland Conference dates 19-21 Oct. 2009 Title of proceedings NSS 2009 : Proceedings of the third International Conference on Network and System Security Editor(s) Xiang, Yang Lopez, Javier Wang, Haining Zhou, Wanlei Publication date 2009 Conference series Network and System Security International Conference Start page 351 End page 356 Total pages 6 Publisher IEEE Place of publication Piscataway, N. J. Keyword(s) DDoS Attack Distance Measurement Summary Discriminating DDoS flooding attacks from flash crowds poses a tough challenge for the network security community. Because of the vulnerability of the original design of the Internet, attackers can easily mimic the patterns of legitimate network traffic to fly under the radar. The existing fingerprint or feature based algorithms are incapable to detect new attack strategies. In this paper, we aim to differentiate DDoS attack flows from flash crowds. We are motivated by the following fact: the attack flows are generated by the same prebuilt program (attack tools), however, flash crowds come from randomly distributed users all over the Internet. Therefore, the flow similarity among DDoS attack flows is much stronger than that among flash crowds. We employ abstract distance metrics, the Jeffrey distance, the Sibson distance, and the Hellinger distance to measure the similarity among flows to achieve our goal. We compared the three metrics and found that the Sibson distance is the most suitable one for our purpose. We apply our algorithm to the real datasets and the results indicate that the proposed algorithm can differentiate them with an accuracy around 65%. Notes This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder. ISBN 9780769538389 Language eng Field of Research 080503 Networking and Communications Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences HERDC Research category E1 Full written paper - refereed Copyright notice ©2009, IEEE Free to Read? Yes Persistent URL http://hdl.handle.net/10536/DRO/DU:30029015 Document type: Conference Paper Collections: School of Information Technology Open Access Collection Related Links Link Description Connect to published version (restricted access) Go to link with your DU access privileges     Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved. Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au. Versions Version Filter Type Tue, 01 Jun 2010, 11:34:58 EST Tue, 01 Jun 2010, 11:37:36 EST Tue, 01 Jun 2010, 12:06:07 EST Tue, 21 Sep 2010, 14:18:28 EST Thu, 23 Sep 2010, 15:32:39 EST Wed, 14 Mar 2012, 14:24:55 EST Fri, 16 Mar 2012, 18:04:14 EST Fri, 17 Jan 2014, 13:00:27 EST Fri, 22 Aug 2014, 14:47:13 EST Fri, 17 Oct 2014, 10:20:45 EST Fri, 06 Feb 2015, 10:36:09 EST Fri, 09 Oct 2015, 17:06:39 EST Mon, 12 Oct 2015, 15:00:33 EST Wed, 14 Oct 2015, 13:05:31 EST Tue, 06 Sep 2016, 15:17:09 EST Tue, 05 Dec 2017, 09:15:45 EST Fri, 07 Sep 2018, 14:58:09 EST Filtered Full Citation counts:   Cited 26 times in TR Web of Science Cited 44 times in Scopus Search Google Scholar Access Statistics: 963 Abstract Views, 1235 File Downloads  -  Detailed Statistics Created: Tue, 01 Jun 2010, 11:34:51 EST by Leanne Swaneveld

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.