Title :
Superpoint-based detection against distributed denial of service (DDoS) flooding attacks
Author :
Hong Jiang ; Shuqiao Chen ; Hongchao Hu ; Mingming Zhang
Author_Institution :
Nat. Digital Switching Syst. Eng. & Technol. Res. Center, Zhengzhou, China
Abstract :
DDoS flooding attack is a critical threat to the normal operation of network. However, current feature-based detection methods are cheated by hackers easily and most of these mechanisms do not differentiate between DDoS flooding attacks and legitimate random flash crowds with feature independent and location extended. To address the challenges, we propose a two-stage detection strategy by combining superpoints and flow similarity measurement. To locate the suspicious flows, polymerization degree of destination superpoints is introduced in a moving time window mechanism. Based on the suspicious flows, a sliding-detection algorithm is presented for distinguishing flooding attacks from flash crowds with similarity metrics. Computer simulation results indicate that our detection approach can detect DDoS flooding attacks efficiently and Total Variation Distance (TVD) is the most suitable metric for discriminating DDoS flooding attack flows from flash crowds. Built on flow arrivals, the proposed mechanism is practical for the attack detection on high speed links.
Keywords :
computer network security; DDoS flooding attack; TVD; distributed denial of service flooding attacks; feature independent; location extended; moving time window mechanism; sliding-detection algorithm; superpoint-based detection; total variation distance; two-stage detection strategy; Computer crime; Computer hacking; Feature extraction; Floods; IP networks; Measurement; Polymers; DDoS flooding attacks; TVD; detection strategy; flow similarity measurement; superpoints;
Conference_Titel :
Local and Metropolitan Area Networks (LANMAN), 2015 IEEE International Workshop on
Conference_Location :
Beijing
DOI :
10.1109/LANMAN.2015.7114724