Deakin University

Distinguishing DDoS attacks from flash crowds using probability metrics

conference contribution
posted on 2009-01-01, 00:00 authored by Ke Li, Wanlei Zhou, Ping Li, J Hai, Jian Liu
Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of Internet traffic; however, Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to Internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flash crowds effectively, and our simulations show that the proposed methods work well. In particular, these methods can not only distinguish DDoS attacks from Flash crowds clearly, but can also effectively distinguish an anomalous flow, whether a DDoS attack flow or a Flash crowd flow, from Normal network flow. Furthermore, we show that our proposed hybrid probability metrics can greatly reduce both false positive and false negative rates in detection.

History

Event

Network and System Security International Conference (3rd : 2009 : Gold Coast, Queensland)

Pagination

9 - 17

Publisher

IEEE

Location

Gold Coast, Queensland

Place of publication

Piscataway, N. J.

Start date

2009-10-19

End date

2009-10-21

ISBN-13

9780769538389

Language

eng

Notes

This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Publication classification

E1 Full written paper - refereed

Copyright notice

2009, IEEE

Editor/Contributor(s)

Y Xiang, J Lopez, H Wang, W Zhou

Title of proceedings

NSS 2009 : Proceedings of the third International Conference on Network and System Security
