Discriminating DDoS attack traffic from flash crowd through packet arrival patterns

Thapngam, Theerasak, Yu, Shui, Zhou, Wanlei and Beliakov, Gleb 2011, Discriminating DDoS attack traffic from flash crowd through packet arrival patterns, in INFOCOM WKSHPS 2011 : IEEE Conference on Computer Communications Workshops, IEEE, [Shanghai, China], pp. 952-957.

Title: Discriminating DDoS attack traffic from flash crowd through packet arrival patterns
Author(s): Thapngam, Theerasak; Yu, Shui; Zhou, Wanlei; Beliakov, Gleb
Conference name: International Workshop on Security in Computers, Networking and Communications (1st : 2011 : Shanghai, China)
Conference location: Shanghai, China
Conference dates: 10-15 Apr. 2011
Title of proceedings: INFOCOM WKSHPS 2011 : IEEE Conference on Computer Communications Workshops
Editor(s): [Unknown]
Publication date: 2011
Conference series: International Workshop on Security in Computers, Networking and Communications
Start page: 952
End page: 957
Total pages: 6
Publisher: IEEE
Place of publication: [Shanghai, China]
Keyword(s): anomaly detection; correlation coefficient; DDoS attacks; traffic patterns
Summary: Current DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission strategies and various forms of attack packets to beat defense systems. These problems lead to defense systems requiring various detection methods in order to identify attacks. Moreover, DDoS attacks can mix their traffic during flash crowds. By doing this, the complex defense system cannot detect the attack traffic in time. In this paper, we propose a behavior-based detection that can discriminate DDoS attack traffic from traffic generated by real users. By using Pearson's correlation coefficient, our comparable detection methods can extract the repeatable features of the packet arrivals. The extensive simulations were tested for the accuracy of detection. We then performed experiments with several datasets and our results affirm that the proposed method can differentiate traffic of an attack source from legitimate traffic with a quick response. We also discuss approaches to improve our proposed methods at the conclusion of this paper.
ISBN: 1457702495; 9781457702495
Language: eng
Field of Research: 080503 Networking and Communications
Socio Economic Objective: 890101 Fixed Line Data Networks and Services
HERDC Research category: E1 Full written paper - refereed
Copyright notice: ©2011, IEEE
Persistent URL: http://hdl.handle.net/10536/DRO/DU:30042190

Document type: Conference Paper
Collection: School of Information Technology
 
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Citation counts: Cited 2 times in Scopus
Access Statistics: 83 Abstract Views, 12 File Downloads
Created: Tue, 14 Feb 2012, 15:11:07 EST

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.