TY - GEN
T1 - Distinguishing between FE and DDoS using randomness check
AU - Park, Hyundo
AU - Li, Peng
AU - Gao, Debin
AU - Lee, Heejo
AU - Deng, Robert H.
N1 - Funding Information:
This research was supported by the MIC, Korea, under the ITRC support program supervised by the IITA(IITA-2008-(C1090-0801-0016)), the IT R&D program of MKE/IITA(2008-S-026-01) and partially supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract(2008-SW-51-IM-02).
PY - 2008
Y1 - 2008
N2 - Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.
AB - Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.
KW - Distributed Denial of Service
KW - Flash Event
KW - Network Security
KW - Randomness Check
UR - http://www.scopus.com/inward/record.url?scp=56649106403&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-85886-7_9
DO - 10.1007/978-3-540-85886-7_9
M3 - Conference contribution
AN - SCOPUS:56649106403
SN - 3540858849
SN - 9783540858843
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 131
EP - 145
BT - Information Security - 11th International Conference, ISC 2008, Proceedings
T2 - 11th International Conference on Information Security, ISC 2008
Y2 - 15 September 2008 through 18 September 2008
ER -