Discriminating DDoS attacks from flash crowds using flow correlation coefficient
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
| Original language | English |
|---|---|
| Article number | 6060809 |
| Pages (from-to) | 1073-1080 |
| Journal / Publication | IEEE Transactions on Parallel and Distributed Systems |
| Volume | 23 |
| Issue number | 6 |
| Publication status | Published - 2012 |
Link(s)
Abstract
Distributed Denial of Service (DDoS) attack is a critical threat to the Internet, and botnets are usually the engines behind them. Sophisticated botmasters attempt to disable detectors by mimicking the traffic patterns of flash crowds. This poses a critical challenge to those who defend against DDoS attacks. In our deep study of the size and organization of current botnets, we found that the current attack flows are usually more similar to each other compared to the flows of flash crowds. Based on this, we proposed a discrimination algorithm using the flow correlation coefficient as a similarity metric among suspicious flows. We formulated the problem, and presented theoretical proofs for the feasibility of the proposed discrimination method in theory. Our extensive experiments confirmed the theoretical analysis and demonstrated the effectiveness of the proposed method in practice. © 1990-2012 IEEE.
Research Area(s)
- DDoS attacks, discrimination, flash crowds, similarity
Citation Format(s)
Discriminating DDoS attacks from flash crowds using flow correlation coefficient. / Yu, Shui; Zhou, Wanlei; Jia, Weijia et al.
In: IEEE Transactions on Parallel and Distributed Systems, Vol. 23, No. 6, 6060809, 2012, p. 1073-1080.
In: IEEE Transactions on Parallel and Distributed Systems, Vol. 23, No. 6, 6060809, 2012, p. 1073-1080.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
