Title :
Discriminating DDoS attack traffic from flash crowd through packet arrival patterns
Author :
Thapngam, Theerasak ; Yu, Shui ; Zhou, Wanlei ; Beliakov, Gleb
Author_Institution :
Sch. of Inf. Technol., Deakin Univ., Burwood, VIC, Australia
Abstract :
Current DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission strategies and various forms of attack packets to beat defense systems. These problems lead to defense systems requiring various detection methods in order to identify attacks. Moreover, DDoS attacks can mix their traffics during flash crowds. By doing this, the complex defense system cannot detect the attack traffic in time. In this paper, we propose a behavior based detection that can discriminate DDoS attack traffic from traffic generated by real users. By using Pearson´s correlation coefficient, our comparable detection methods can extract the repeatable features of the packet arrivals. The extensive simulations were tested for the accuracy of detection. We then performed experiments with several datasets and our results affirm that the proposed method can differentiate traffic of an attack source from legitimate traffic with a quick response. We also discuss approaches to improve our proposed methods at the conclusion of this paper.
Keywords :
computer network security; invasive software; telecommunication traffic; DDoS attack traffic discrimination; Pearson correlation coefficient; botnets; flash crowd; packet arrival patterns; packet transmission strategies; worms; Computer crime; Correlation; Delay; IP networks; Internet; Mathematical model; Servers; DDoS attacks; anomaly detection; correlation coefficient; traffic patterns;
Conference_Titel :
Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4577-0249-5
Electronic_ISBN :
978-1-4577-0248-8
DOI :
10.1109/INFCOMW.2011.5928950
