Title :
Distinguishing DDoS Attacks from Flash Crowds Using Probability Metrics
Author :
Li, Ke ; Zhou, Wanlei ; Li, Ping ; Hai, Jing ; Liu, Jianwen
Author_Institution :
Sch. of Eng. & Inf. Technol., Deakin Univ., Melbourn, VIC, Australia
Abstract :
Both Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of Internet traffic, however Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to Internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flash crowds effectively, and our simulations show that the proposed methods work well. In particular, these methods can not only distinguish DDoS attacks from Flash crowds clearly, but also can distinguish the anomaly flow being DDoS attacks flow or being Flash crowd flow from Normal network flow effectively. Furthermore, we show our proposed hybrid probability metrics can greatly reduce both false positive and false negative rates in detection.
Keywords :
Internet; probability; telecommunication security; telecommunication traffic; Internet security; Internet stability; Internet traffic; distributed denial-of-service attack; flash crowd; normal network flow; probability metrics; Algorithm design and analysis; Computer crime; Detection algorithms; Floods; Information security; Information technology; Internet; Probability distribution; Telecommunication traffic; Traffic control; DDoS; Flash crowd; Probability metrics;
Conference_Titel :
Network and System Security, 2009. NSS '09. Third International Conference on
Conference_Location :
Gold Coast, QLD
Print_ISBN :
978-1-4244-5087-9
Electronic_ISBN :
978-0-7695-3838-9
DOI :
10.1109/NSS.2009.35
