• DocumentCode
    1361184
  • Title

    Discriminating DDoS Attacks from Flash Crowds Using Flow Correlation Coefficient

  • Author

    Yu, Shui ; Zhou, Wanlei ; Jia, Weijia ; Guo, Song ; Xiang, Yong ; Tang, Feilong

  • Author_Institution
    Sch. of Inf. Technol., Deakin Univ., Burwood, VIC, Australia
  • Volume
    23
  • Issue
    6
  • fYear
    2012
  • fDate
    6/1/2012 12:00:00 AM
  • Firstpage
    1073
  • Lastpage
    1080
  • Abstract
    Distributed Denial of Service (DDoS) attacks are a critical threat to the Internet, and botnets are usually the engines behind them. Sophisticated botmasters attempt to disable detectors by mimicking the traffic patterns of flash crowds. This poses a critical challenge to those who defend against DDoS attacks. In our deep study of the size and organization of current botnets, we found that the current attack flows are usually more similar to each other compared to the flows of flash crowds. Based on this, we proposed a discrimination algorithm using the flow correlation coefficient as a similarity metric among suspicious flows. We formulated the problem, and presented theoretical proofs for the feasibility of the proposed discrimination method in theory. Our extensive experiments confirmed the theoretical analysis and demonstrated the effectiveness of the proposed method in practice.
  • Keywords
    Internet; computer network security; DDoS attack; Internet; botnets; discrimination algorithm; flash crowds; flow correlation coefficient; similarity metric; suspicious flows; traffic pattern; Ash; Communities; Computer crime; Correlation; Delay; Servers; DDoS attacks; discrimination; flash crowds; similarity
  • fLanguage
    English
  • Journal_Title
    Parallel and Distributed Systems, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    1045-9219
  • Type

    jour

  • DOI
    10.1109/TPDS.2011.262
  • Filename
    6060809