Parametric differences between a real-world Distributed Denial-of-Service attack and a Flash Event

Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Volumn , Issue , 2011, Pages 210-217

  Bhatia, Sajal ^a   Mohay, George ^a   Tickle, Alan ^a   Ahmed, Ejaz ^a  

^a QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Botnet; Distributed Denial of Service (DDoS); Flash Event; Network security

Indexed keywords

BOTNET; DATA SETS; DDOS ATTACK; DENIAL OF SERVICE ATTACKS; DISTRIBUTED DENIAL OF SERVICE; DISTRIBUTED DENIAL OF SERVICE ATTACK; FLASH EVENT; INTERNET ACTIVITY;

INTERNET; TELECOMMUNICATION NETWORKS;

NETWORK SECURITY;

EID: 80455144626     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2011.39     Document Type: Conference Paper

References (29)

1. L. Garber, "Denial-of-service attacks rip the Internet," Computer, vol. 33, no. 4, pp. 12-17, 2000.
2. J. Nazario, "Political DDoS: Estonia and Beyond ," in Invited Talk, in 17th USENIX Security Symposium, July 28-Aug 1, 2008, San Jose, CA, USA, 2008.
3. R. Chang, "Defending against flooding-based distributed denial-of service attacks: A tutorial," Communications Magazine, IEEE, vol. 40, no. 10, pp. 42-51, 2002. (Pubitemid 35311945)
4. L. Niven, "Flash crowd," The Flight of the Horse. Ballantine Books, 1971.
5. J. Borland, "Net video not yet ready for prime time," CNET News. com. February, vol. 5, 1999.
6. J. Jung, B. Krishnamurthy, and M. Rabinovich, "Flash crowds and denial of service attacks: Characterization and implications for CDNs and web sites," in Proceedings of the 11th international conference on World Wide Web, pp. 293-304, ACM, 2002.
7. P. Hick, E. Aben, K. Claffy, and J. Polterock, "The caida "ddos attack 2007" dataset.
8. M. Arlitt and T. Jin, ""1998 world cup web site access logs"," August 1998.
9. R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling high bandwidth aggregates in the network," ACM SIGCOMM Computer Communication Review, vol. 32, no. 3, p. 73, 2002.
10. A. Cearns, Design of an Autonomous Anti-DDoS network (A2D2). PhD thesis, Citeseer, 2002.
11. L. Limwiwatkul and A. Rungsawangr, "Distributed denial of service detection using TCP/IP header and traffic measurement analysis
12. Yifu Feng, Rui Guo, Dongqi Wang, and Z. Bencheng, "Research on the Active DDoS Filtering Algorithm Based on IP Flow," in Proceedings of the 2009 Fifth International Conference on Natural Computation, 2009.
13. K. Kumar, R. Joshi, and K. Singh, "A distributed approach using entropy to detect DDoS attacks in ISP domain," in Signal Processing, Communications and Networking, 2007. ICSCN'07. International Conference on, pp. 331-337, IEEE, 2007. (Pubitemid 47304132)
14. L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, "Statistical approaches to DDoS attack detection and response," in DARPA Information Survivability Conference and Exposition, 2003. Proceedings, vol. 1, pp. 303-314, IEEE, 2003.
15. T. Peng, C. Leckie, and K. Ramamohanarao, "Protection from distributed denial of service attacks using history-based IP filtering," in IEEE International Conference on Communications, 2003. ICC'03, pp. 482-486, 2003.
16. E. Ahmed, G. Mohay, A. Tickle, and S. Bhatia, "Use of ip addresses for high rate flooding attack detection," in Proceedings of 25th International Information Security Conference (SEC 2010) : Security & Privacy : Silver Linings in the Cloud, Brisbane, Australia, 2010.
17. J. Cabrera, L. Lewis, X. Qin, W. Lee, and R. Mehra, "Proactive intrusion detection and distributed denial of service attacks: A case study in security management," Journal of Network and Systems Management, vol. 10, no. 2, pp. 225-254, 2002.
18. C. Bao, "Intrusion Detection Based on One-class SVM and SNMP MIB Data," in 2009 Fifth International Conference on Information Assurance and Security, pp. 346-349, IEEE, 2009.
19. J. Yu, H. Lee, M. Kim, and D. Park, "Traffic flooding attack detection with SNMP MIB using SVM," Computer Communications, vol. 31, no. 17, pp. 4212-4219, 2008.
20. L. Von Ahn, M. Blum, and J. Langford, "Telling humans and computers apart automatically," Communications of the ACM, vol. 47, no. 2, pp. 56-60, 2004.
21. S. Kandula, D. Katabi, M. Jacob, and A. Berger, "Botz-4-sale: Surviving organized DDoS attacks that mimic flash crowds," in Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation-Volume 2, pp. 287-300, USENIX Association, 2005.
22. G. Mori and J. Malik, "Recognizing objects in adversarial clutter: Breaking a visual CAPTCHA," 2003.
23. H. Park, P. Li, D. Gao, H. Lee, and R. Deng, "Distinguishing between FE and DDoS Using Randomness Check," Information Security, pp. 131-145, 2008.
24. Y. Xie and S. Yu, "Detecting Shrew HTTP Flood Attacks for Flash Crowds," Computational Science-ICCS 2007, pp. 640-647, 2007. (Pubitemid 350269702)
25. A. Kuzmanovic and E. Knightly, "Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants," in Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, p. 86, ACM, 2003.
26. Q. Le, M. Zhanikeev, and Y. Tanaka, "Methods of Distinguishing Flash Crowds from Spoofed DoS Attacks," in Next Generation Internet Networks, 3rd EuroNGI Conference on, pp. 167-173, IEEE, 2007. (Pubitemid 47439984)
27. S. Yu, T. Thapngam, J. Liu, S. Wei, and W. Zhou, "Discriminating DDoS Flows from Flash Crowds Using Information Distance," in Network and System Security, 2009. NSS'09. Third International Conference on, pp. 351-356, IEEE, 2009.
28. M. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "My botnet is bigger than yours (maybe, better than yours): Why size estimates remain challenging," in Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, p. 5, USENIX Association, 2007.
29. B. Krishnamurthy and J. Wang, "On network-aware clustering of web clients," in Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 97-110, ACM, 2000.