Distinguishing between FE and DDoS using randomness check

Hyundo Park, Peng Li, Debin Gao, Heejo Lee, Robert H. Deng

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

17 Citations (Scopus)

Abstract

Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 131-145
Number of pages: 15
Volume: 5222 LNCS
DOI: https://doi.org/10.1007/978-3-540-85886-7_9
Publication status: Published - 2008 Nov 28
Event: 11th International Conference on Information Security, ISC 2008 - Taipei, Taiwan, Province of China
Duration: 2008 Sep 15 to 2008 Sep 18

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5222 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 11th International Conference on Information Security, ISC 2008
Country: Taiwan, Province of China
City: Taipei
Period: 08/9/15 to 08/9/18

Keywords

  • Distributed Denial of Service
  • Flash Event
  • Network Security
  • Randomness Check

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Park, H., Li, P., Gao, D., Lee, H., & Deng, R. H. (2008). Distinguishing between FE and DDoS using randomness check. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5222 LNCS, pp. 131-145). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5222 LNCS). https://doi.org/10.1007/978-3-540-85886-7_9

TY - GEN

T1 - Distinguishing between FE and DDoS using randomness check

AU - Park, Hyundo

AU - Li, Peng

AU - Gao, Debin

AU - Lee, Heejo

AU - Deng, Robert H.

PY - 2008/11/28

Y1 - 2008/11/28

AB - Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.

KW - Distributed Denial of Service

KW - Flash Event

KW - Network Security

KW - Randomness Check

UR - http://www.scopus.com/inward/record.url?scp=56649106403&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=56649106403&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-85886-7_9

DO - 10.1007/978-3-540-85886-7_9

M3 - Conference contribution

SN - 3540858849

SN - 9783540858843

VL - 5222 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 131

EP - 145

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -