Deakin University
Browse

File(s) under permanent embargo

Discriminating DDoS attack traffic from flash crowd through packet arrival patterns

conference contribution
posted on 2011-01-01, 00:00 authored by Theerasak Thapngam, Shui Yu, Wanlei Zhou, Gleb BeliakovGleb Beliakov
Current DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission strategies and various forms of attack packets to beat defense systems. These problems lead to defense systems requiring various detection methods in order to identify attacks. Moreover, DDoS attacks can mix their traffics during flash crowds. By doing this, the complex defense system cannot detect the attack traffic in time. In this paper, we propose a behavior based detection that can discriminate DDoS attack traffic from traffic generated by real users. By using Pearson's correlation coefficient, our comparable detection methods can extract the repeatable features of the packet arrivals. The extensive simulations were tested for the accuracy of detection. We then performed experiments with several datasets and our results affirm that the proposed method can differentiate traffic of an attack source from legitimate traffic with a quick response. We also discuss approaches to improve our proposed methods at the conclusion of this paper.

History

Event

International Workshop on Security in Computers, Networking and Communications (1st : 2011 : Shanghai, China)

Pagination

952 - 957

Publisher

IEEE

Location

Shanghai, China

Place of publication

[Shanghai, China]

Start date

2011-04-10

End date

2011-04-15

ISBN-13

9781457702495

ISBN-10

1457702495

Language

eng

Publication classification

E1 Full written paper - refereed

Copyright notice

2011, IEEE

Title of proceedings

INFOCOM WKSHPS 2011 : IEEE Conference on Computer Communications Workshops

Usage metrics

    Research Publications

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC