Distinguishing between FE and DDoS Using Randomness Check

Authors:
Hyundo Park;Peng Li;Debin Gao;Heejo Lee;Robert H. Deng
Affiliations:
Korea University, Seoul, Korea;School of Information Systems, Singapore Management University, Singapore;School of Information Systems, Singapore Management University, Singapore;Korea University, Seoul, Korea;School of Information Systems, Singapore Management University, Singapore
Venue:
ISC '08 Proceedings of the 11th international conference on Information Security
Year:
2008

Citing 9
Cited 2

Dynamics of IP traffic: a study of the role of variability and the impact of control

Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
On network-aware clustering of Web clients

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites

Proceedings of the 11th international conference on World Wide Web
Countering DoS attacks with stateless multipath overlays

Proceedings of the 12th ACM conference on Computer and communications security
Active internet traffic filtering: real-time response to denial-of-service attacks

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Cookies along trust-boundaries (CAT): accurate and deployable flood protection

SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detecting SYN flooding attacks near innocent side

MSN'05 Proceedings of the First international conference on Mobile Ad-hoc and Sensor Networks
Real-time visualization of network attacks on high-speed links

IEEE Network: The Magazine of Global Internetworking

Ensemble-based DDoS detection and mitigation model

Proceedings of the Fifth International Conference on Security of Information and Networks
Automated signature extraction for high volume attacks

ANCS '13 Proceedings of the ninth ACM/IEEE symposium on Architectures for networking and communications systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Threads posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.