Discriminating Flash Events from DDoS Attacks: A Comprehensive Review
Authors
Abstract
Millions of people across the globe access Internet-based applications and web services in their day-to-day activities. The Distributed Denial of Service (DDoS) attack is one of the prominent attacks that cripple the computing and communication resources of a web server hosting these services and applications. The situation becomes even more critical when DDoS attacks are launched during similar-looking legitimate traffic called a flash event (FE). Both DDoS attacks and FEs cause a sudden surge in network traffic, leading to delays in the responses from the web server. This often leads to massive financial losses and thus requires timely action. This paper presents a comprehensive review that broadly discusses the DDoS and FE problem and recapitulates the recently published strategies in this field. As part of the work, a pragmatic list of rationales to discriminate between the two has been proposed. This list can help the research community better understand the problem and provide more effective solutions to the ongoing problem of discriminating DDoS attacks from FEs.
Similar resources
Discriminating DDoS Attack traffic from Flash Crowds on Internet Threat Monitors (ITM) Using Entropy variations
Internet threat Monitoring (ITM) is a monitoring system in the internet to detect, measure, characterize and track the security attacks against attack sources. Distributed Denial of Service (DDoS) is a serious threat to the internet. Attacker uses botnets to launch DDoS attack by sending malicious traffic and the goal is to exhaust ITM network resources such as utilization of network bandwidth,...
Detection and defense of application-layer DDoS attacks in backbone web traffic
Web servers are usually located in a well-organized data center where these servers connect with the outside Internet directly through backbones. Meanwhile, the application-layer distributed denials of service (AL-DDoS) attacks are critical threats to the Internet, particularly to those business web servers. Currently, there are some methods designed to handle the AL-DDoS attacks, but most of th...
A Model to Partly but Reliably Distinguish DDOS Flood Traffic from Aggregated One
Reliable distinguishing DDOS flood traffic from aggregated traffic is desperately desired by reliable prevention of DDOS attacks. By reliable distinguishing, we mean that flood traffic can be distinguished from aggregated one for a predetermined probability. The basis to reliably distinguish flood traffic from aggregated one is reliable detection of signs of DDOS flood attacks. As is known, rel...
Behavior-based Clustering for Discrimination between Flash Crowds and DDoS Attacks
We propose discrimination methods that classify cluster of traffic behaviour of flash crowds and DDoS attacks such as traffic pattern and characteristics and check cluster randomness. The behavior-based clustering consolidates packet into clusters based on similarity of observed behavior, e.g., source IPs are clustered together based on their pattern of destination port usage. The main objectiv...
Distinguishing between FE and DDoS Using Randomness Check
Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this pape...
Journal title:
- I. J. Network Security
Volume 19, Issue
Pages -
Publication date 2017