Openly accessible

Distinguishing DDoS attacks from flash crowds using probability metrics

Li, Ke, Zhou, Wanlei, Li, Ping, Hai, Jing and Liu, Jianwen 2009, Distinguishing DDoS attacks from flash crowds using probability metrics, in NSS 2009 : Proceedings of the third International Conference on Network and System Security, IEEE, Piscataway, N. J., pp. 9-17.

Attached Files
Name Description MIMEType Size Downloads
zhou-distinguishingddosattacks-2009.pdf Published version application/pdf 588.97KB 562

Title Distinguishing DDoS attacks from flash crowds using probability metrics
Author(s) Li, Ke
Zhou, Wanlei
Li, Ping
Hai, Jing
Liu, Jianwen
Conference name Network and System Security International Conference (3rd : 2009 : Gold Coast, Queensland)
Conference location Gold Coast, Queensland
Conference dates 19-21 Oct. 2009
Title of proceedings NSS 2009 : Proceedings of the third International Conference on Network and System Security
Editor(s) Xiang, Yang
Lopez, Javier
Wang, Haining
Zhou, Wanlei
Publication date 2009
Conference series Network and System Security International Conference
Start page 9
End page 17
Total pages 9
Publisher IEEE
Place of publication Piscataway, N. J.
Keyword(s) DDoS
Flash crowd
Probability metrics
Summary Both Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of internet traffic, however Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flash crowds effectively, and our simulations show that the proposed methods work well. In particular, these methods can not only distinguish DDoS attacks from Flash crowds clearly, but also can distinguish the anomaly flow being DDoS attacks flow or being Flash crowd flow from Normal network flow effectively. Furthermore, we show our proposed hybrid probability metrics can greatly reduce both false positive and false negative rates in detection.
Notes This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
ISBN 9780769538389
Language eng
Field of Research 080501 Distributed and Grid Systems
Socio Economic Objective 890101 Fixed Line Data Networks and Services
HERDC Research category E1 Full written paper - refereed
Copyright notice ©2009, IEEE
Persistent URL http://hdl.handle.net/10536/DRO/DU:30029016

Document type: Conference Paper
Collections: School of Information Technology
Open Access Collection
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Access Statistics: 399 Abstract Views, 562 File Downloads
Created: Tue, 01 Jun 2010, 11:39:41 EST by Leanne Swaneveld
