Detection of Variations of Local Irregularity of Traffic under DDOS Flood Attack

Authors

  • Ming Li
  • Wei Zhao
  • Cristian Toma
Abstract

The aim of distributed denial-of-service (DDOS) flood attacks is to overwhelm the attacked site, or to make its service performance deteriorate considerably, by sending flood packets to the target from machines distributed all over the world. This is a kind of local behavior of traffic at the protected site, because the attacked site can be recovered to its normal service state sooner or later even though it is in reality overwhelmed during the attack. From a mathematical point of view, it can be taken as a kind of short-range phenomenon in computer networks. In this paper, we use the Hurst parameter H to measure the local irregularity or self-similarity of traffic under DDOS flood attack, provided that fractional Gaussian noise (fGn) is used as the traffic model. As DDOS flood attack packets make the H value of arrival traffic vary significantly away from that of traffic normally arriving at the protected site, we discuss a method to statistically detect signs of DDOS flood attacks with predetermined detection probability and false alarm probability.

Similar resources

F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management

Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...

A Model to Partly but Reliably Distinguish DDOS Flood Traffic from Aggregated One

Reliably distinguishing DDOS flood traffic from aggregated traffic is desperately desired for reliable prevention of DDOS attacks. By reliable distinguishing, we mean that flood traffic can be distinguished from aggregated traffic for a predetermined probability. The basis for reliably distinguishing flood traffic from aggregated traffic is reliable detection of signs of DDOS flood attacks. As is known, rel...

A Real-Time and Reliable Approach to Detecting Traffic Variations at Abnormally High and Low Rates

Abnormal variations of traffic are conventionally considered to occur under the condition that traffic rate is abnormally high in the cases, such as traffic congestions or traffic under distributed denial-of-service (DDOS) flood attacks. Various methods in detecting traffic variations at abnormally high rate have been reported. We note that a recent paper by Kuzmanovic and Knightly, which expla...

DDoS: Flood vs. Shrew

Distributed Denial of Service (DDoS) attack is one of the greatest threats to connectivity, continuity, and availability of the Internet. In this paper, two typical types of DDoS attacks, high-rate (Flood) and low-rate (Shrew), are studied on their generation principles, mechanism utilizations, behaviors, signatures, and attack performances. Experiment results show that: (I) high-rate DDoS send...

Note on Studying Change Point of LRD Traffic Based on Li's Detection of DDoS Flood Attacking

Distributed denial-of-service (DDoS) flood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Li's work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependent traffic. Specifically, we use an autoregressive system to estimate the H...

Publication date: 2008