
A Multimetric Approach for Discriminating Distributed Denial of Service Attacks from Flash Crowds

  • Conference paper
Advanced Multimedia and Ubiquitous Engineering

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 354))

Abstract

Distributed Denial of Service (DDoS) attacks, whether at the application or the network layer, remain a critical threat to the Internet. In such an attack, attackers run a massive number of queries through the victim's search engine or database front end to bring the server down; this burst of queries produces very high traffic volumes within a short period of time. The Internet also sees legitimate surges, known as flash crowds, in which a very large number of users simultaneously access a popular web site; the resulting traffic spike can make the site virtually unreachable. Hence the need to discriminate DDoS attack traffic from flash crowds. In this project, a hybrid discrimination mechanism is proposed to detect DDoS attacks using several features that characterize DDoS traffic and distinguish it from flash crowds, including the entropy variation, the information distance, and the correlation coefficient.
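The abstract names three features without showing how they are computed. The following is an added example, not the paper's own code: it computes an entropy variation over per-destination packet counts, the information distance (here the symmetric Kullback-Leibler, or Jeffrey, distance) between flows' time-bin distributions, and the pairwise flow correlation coefficient, over constructed traffic samples. The two-stage rule (entropy drop as the surge trigger, then correlation and distance to separate scripted bots from independent users), all sample data, the smoothing constant and the thresholds are assumptions made for illustration, not values taken from the paper.

```python
"""Added example (not from the paper): three traffic features of the kind named
in the abstract, evaluated over constructed samples. Thresholds are assumptions."""
import math
from itertools import combinations
from typing import Callable, Dict, List, Sequence

# Constructed: per-destination packet counts seen at the victim's upstream router
# in a quiet window and in the window under examination (same duration each).
BASELINE_BY_DST = {"dst_a": 120, "dst_b": 110, "dst_c": 95, "dst_d": 105}
SURGE_BY_DST = {"dst_a": 4000, "dst_b": 110, "dst_c": 95, "dst_d": 105}

# Constructed: per-source packet counts in five consecutive 1-second bins.
# Flash crowd: independent users, irregular and unsynchronised timing.
FLASH_CROWD_FLOWS = {
    "10.0.0.1": [3, 0, 5, 1, 2],
    "10.0.0.2": [0, 4, 1, 6, 0],
    "10.0.0.3": [2, 2, 0, 3, 7],
    "10.0.0.4": [5, 1, 3, 0, 1],
}
# DDoS: bots running the same script share one on/off sending pattern.
DDOS_FLOWS = {
    "198.51.100.1": [50, 10, 50, 10, 50],
    "198.51.100.2": [48, 12, 49, 11, 50],
    "198.51.100.3": [51, 9, 50, 10, 49],
    "198.51.100.4": [50, 11, 50, 9, 50],
}

Metric = Callable[[Sequence[float], Sequence[float]], float]


def to_distribution(counts: Sequence[float], eps: float = 1e-6) -> List[float]:
    """Normalise counts to probabilities; eps (assumed) keeps empty bins finite for KL."""
    total = sum(c + eps for c in counts)
    if total == 0:
        return [0.0] * len(counts)
    return [(c + eps) / total for c in counts]


def shannon_entropy(counts: Sequence[float]) -> float:
    """Entropy in bits of the distribution induced by the counts."""
    return -sum(p * math.log2(p) for p in to_distribution(counts, eps=0.0) if p > 0)


def entropy_variation(baseline: Dict[str, int], window: Dict[str, int]) -> float:
    """H(window) - H(baseline) over the union of keys. A large negative value means
    traffic has collapsed onto few destinations, i.e. one target is being flooded."""
    keys = sorted(set(baseline) | set(window))
    return (shannon_entropy([window.get(k, 0) for k in keys])
            - shannon_entropy([baseline.get(k, 0) for k in keys]))


def jeffrey_distance(x: Sequence[float], y: Sequence[float]) -> float:
    """Symmetric KL divergence between two flows' time-bin distributions (bits)."""
    p, q = to_distribution(x), to_distribution(y)
    kl_pq = sum(a * math.log2(a / b) for a, b in zip(p, q))
    kl_qp = sum(b * math.log2(b / a) for a, b in zip(p, q))
    return kl_pq + kl_qp


def pearson(x: Sequence[float], y: Sequence[float]) -> float:
    """Flow correlation coefficient between two flows' packet-count time series."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:  # a constant-rate flow has no defined correlation
        return 0.0
    return cov / math.sqrt(vx * vy)


def mean_pairwise(flows: Dict[str, Sequence[float]], metric: Metric) -> float:
    """Average of a pairwise metric over every pair of flows in the window."""
    pairs = list(combinations(flows.values(), 2))
    return sum(metric(a, b) for a, b in pairs) / len(pairs)


def flow_features(flows: Dict[str, Sequence[float]]) -> Dict[str, float]:
    return {
        "mean_correlation": mean_pairwise(flows, pearson),
        "mean_info_distance": mean_pairwise(flows, jeffrey_distance),
    }


def classify(baseline_by_dst: Dict[str, int], window_by_dst: Dict[str, int],
             flows: Dict[str, Sequence[float]], entropy_drop: float = 1.0,
             corr_min: float = 0.8, distance_max: float = 0.5) -> str:
    """Assumed two-stage rule: an entropy drop flags a surge; highly correlated
    flows that are close in information distance are treated as bot traffic."""
    if entropy_variation(baseline_by_dst, window_by_dst) > -entropy_drop:
        return "normal"
    f = flow_features(flows)
    if f["mean_correlation"] >= corr_min and f["mean_info_distance"] <= distance_max:
        return "ddos"
    return "flash crowd"


if __name__ == "__main__":
    for name, flows in (("flash crowd sample", FLASH_CROWD_FLOWS), ("ddos sample", DDOS_FLOWS)):
        print(name, flow_features(flows), classify(BASELINE_BY_DST, SURGE_BY_DST, flows))
```

The point a practitioner should take from the numbers: both samples drive the destination entropy down by the same amount, so entropy variation alone cannot tell the two apart; it is the near-unity correlation and near-zero information distance between the bot flows, versus the scattered, weakly correlated human flows, that carry the discrimination. Real deployments need longer windows, a calibrated smoothing constant, and thresholds fitted to the site's baseline rather than the fixed values assumed here.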

This work is supported by Abu Dhabi University’s Faculty Research Incentive Grant.



Author information

Corresponding author: Mourad Elhadef.


Copyright information

© 2016 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Elhadef, M. (2016). A Multimetric Approach for Discriminating Distributed Denial of Service Attacks from Flash Crowds. In: Park, J., Chao, HC., Arabnia, H., Yen, N. (eds) Advanced Multimedia and Ubiquitous Engineering. Lecture Notes in Electrical Engineering, vol 354. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-47895-0_3

  • DOI: https://doi.org/10.1007/978-3-662-47895-0_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-47894-3

  • Online ISBN: 978-3-662-47895-0
