CALD: Surviving various application-layer DDoS attacks that mimic flash crowd

Proceedings - 2010 4th International Conference on Network and System Security, NSS 2010

Volumn , Issue , 2010, Pages 247-254

  Wen, Sheng ^a   Jia, Weijia ^a   Zhou, Wei ^a   Zhou, Wanlei ^b   Xu, Chuan ^c  

^a CENTRAL SOUTH UNIVERSITY   (China)

^b DEAKIN UNIVERSITY   (Australia)

^c CHONGQING UNIVERSITY   (China)

Author keywords

Application layer; DDoS; Information theory; Kalman filter

Indexed keywords

ATTACK DETECTION; ATTACK TRAFFIC; AVERAGE FREQUENCY; BASIC PROPERTIES; DDOS; DDOS ATTACK; DISTRIBUTED DENIAL OF SERVICE ATTACK; FLASH CROWD; FLASH CROWD EVENTS; NEW APPLICATIONS; REAL-TIME DETECTION; SECURITY MODULES; WEB SERVERS;

HTTP; INFORMATION THEORY; INTERNET PROTOCOLS; KALMAN FILTERS; NETWORK SECURITY; REAL TIME SYSTEMS; SENSORS; WEB SERVICES; WEBSITES;

COMPUTER CRIME;

EID: 78650391156     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NSS.2010.69     Document Type: Conference Paper

References (27)

1. CERT. Incident Note IN-2004-01 W32/Novarg.A Virus, 2004.
2. CERT. Incident Note IN-2001-10 "Code Red" Worm Crashes IIS 4.0 Servers with URL Redirection Enables, 2001.
3. Kevin Poulsen. FBI busts alleged DDoS Mafia, http://www.securityfocus. com/news/9411, 2004.
4. J.Leyden. East European Gangs in Online Protection Racket, http://www.theregister.co.uk/2003/11/12/east-european-gangs-in-online/, 2003.
5. Martyn Williams and Jeremy Kirk. Updated MyDoom responsible for DDOS attacks, http://www.networkworld.com/news/2009/070809-updated-mydoom- responsible-for-ddos.html?ap1=rcb, 2009.
6. Chuck Miller. Russia Confirms involvement with Estonia DDoS Attacks, http://www.scmagazineus.com/russia-confirms-involvementwith-estonia-ddos- attacks/article/128737/, 2010.
7. Dancho Danchev. The DDoS Attack against CNN.com, http://ddanchev. blogspot.com/2008/04/ddos-attackagainst-cnncom.html, 2008.
8. SOHU News. Botnet has formed industry chain, http://news.sohu.com/ 20091126/n268475118.shtml, 2009.
9. BBC News. How cyber criminals attack Websites. http://news.bbc.co.uk/2/ hi/programmes/click-online/7940485.stm, 2009.
10. B.Krishnamurthy and J.Wang. On Network-Aware Clustering of Web Clients, in Proceedings of the ACM SIGCOMM, Stockholm, Sweden, 2000.
11. Ratul Mahajan et al. Controlling High bandwidth Aggregates in the Network, ACM Computer Communication Review, 2002.
12. Jouni Viinikka, Herve Debar, Ludovic Me et al. Processing Intrusion Detection Alerts Aggregates with Time Series Modeling, Information Fusion, Elsevier, 2009.
13. Wei Lu and Ali A. Ghorbani. Network Anomaly Detection Based on Wavelet Analysis, EURASIP Journal on Advances in Signal Processing, Hindawi Publishing Corporation, 2009.
14. Georgios Oikonomou and Jelena Mirkovic, Modeling Human Behaviour for Defense against Flash-Crowd Attacks, IEEE International Conference on Communications, 2009.
15. A.Broder and M.Mitzenmacher, Network Applications of Bloom Filters: A Survey. Internet Math, Volume 1, Number 4, 2003.
16. Ioannis Ioannidis, Ananth Grama and Mikhail Atallah, Adaptive Data Structures for IP Lookips. In Proceedings of the IEEE Computer and Communications Societies (Infocom), 2003.
17. Andrei Broder and Michael Mitzenmacher, Using Multiple Hash Functions to Improve IP Lookups. In Proceedings of the IEEE Computer and Communications Societies (Infocom), 2001.
18. Jaeyeon Jung, Balachander Krishnamurthy and Michael Rabinovich, Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites. In Proceedings of the 11th International World Wide Web Conference (WWW), Honolulu, Hawaii, USA, 2002.
19. L.von Ahn, Manuel Blun, Nicholas J.Hopper and John Lanford, CAPTCHA: Using Hard AI Problems for Security. In Proceedings of EUROCRYPT, pp.294-311, 2003.
20. nd Symposium on Networked Systems Design & Implementation (USENIX NSDI), 2005.
21. Supranamaya Ranjan, Ram Swaminathan, Mustafa Uysal and Edward Knightly. DDoS-Resilient Scheduling to Counter Application Layer Attacks under Imperfect Detection. In Proceedings of the IEEE Computer and Communications Societies (Infocom), 2006.
22. Yi Xie and Shun-Zheng Yu, A Large-Sclae hidden Semi-Markov Model for Anomay Detection on User Browsing Behaviours. IEEE/ACM Transactions on Networking, vol.17, 2009.
23. Yi Xie and Shun-Zheng Yu, Monitoring the Application-Layer DDoS Attacks for Popular Websites. IEEE/ACM Transactions on Networking, vol.17, 2009.
24. Simon Byers, Aviel D.Rubin and David Kormann, Defending Against an Internet-Based Attack on the Physical World. ACM Transactions on Internet Technology, vol.4, page.239-254, 2004.
25. Paul barford, Jeffery Kline, David Plonka and Amos Ron, A Signal Analysis of Network Traffic Anomalies. In Proceedings of ACM SIGCOMM Internet Measurement Workshop, 2002.
26. Takeshi Yatagai, Takamasa Isohara and Iwao Sasase, Detection of HTTP-GET Flood Attack Based on Analysis of Page Access Behaviour. In Proceedings of IEEE Pacific Rim Conference onCommunications Computers and Signal Processing, 2007.
27. George Box, Gwilym M.Jenkins and Gregory C.Reinsel, Time Series Analysis: Forecasting and Control, Third Edition, Prentice Hall, 199