File(s) under permanent embargo
Discriminating DDoS attack traffic from flash crowd through packet arrival patterns
conference contribution
posted on 2011-01-01, 00:00 authored by Theerasak Thapngam, Shui Yu, Wanlei Zhou, Gleb BeliakovGleb BeliakovCurrent DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission strategies and various forms of attack packets to beat defense systems. These problems lead to defense systems requiring various detection methods in order to identify attacks. Moreover, DDoS attacks can mix their traffics during flash crowds. By doing this, the complex defense system cannot detect the attack traffic in time. In this paper, we propose a behavior based detection that can discriminate DDoS attack traffic from traffic generated by real users. By using Pearson's correlation coefficient, our comparable detection methods can extract the repeatable features of the packet arrivals. The extensive simulations were tested for the accuracy of detection. We then performed experiments with several datasets and our results affirm that the proposed method can differentiate traffic of an attack source from legitimate traffic with a quick response. We also discuss approaches to improve our proposed methods at the conclusion of this paper.
History
Event
International Workshop on Security in Computers, Networking and Communications (1st : 2011 : Shanghai, China)Pagination
952 - 957Publisher
IEEELocation
Shanghai, ChinaPlace of publication
[Shanghai, China]Start date
2011-04-10End date
2011-04-15ISBN-13
9781457702495ISBN-10
1457702495Language
engPublication classification
E1 Full written paper - refereedCopyright notice
2011, IEEETitle of proceedings
INFOCOM WKSHPS 2011 : IEEE Conference on Computer Communications WorkshopsUsage metrics
Categories
No categories selectedLicence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC