Distinguishing between FE and DDoS using randomness check

Hyundo Park; Peng Li; Debin Gao; Heejo Lee; Robert H. Deng

doi:10.1007/978-3-540-85886-7_9

Distinguishing between FE and DDoS using randomness check

Hyundo Park, Peng Li, Debin Gao, Heejo Lee, Robert H. Deng

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

21 Citations (Scopus)

Abstract

Threads posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.

Original language	English
Title of host publication	Information Security - 11th International Conference, ISC 2008, Proceedings
Pages	131-145
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-540-85886-7_9
Publication status	Published - 2008
Event	11th International Conference on Information Security, ISC 2008 - Taipei, Taiwan, Province of China Duration: 2008 Sep 15 → 2008 Sep 18

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5222 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	11th International Conference on Information Security, ISC 2008
Country/Territory	Taiwan, Province of China
City	Taipei
Period	08/9/15 → 08/9/18

Keywords

Distributed Denial of Service
Flash Event
Network Security
Randomness Check

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-85886-7_9

Cite this

Park, H., Li, P., Gao, D., Lee, H., & Deng, R. H. (2008). Distinguishing between FE and DDoS using randomness check. In Information Security - 11th International Conference, ISC 2008, Proceedings (pp. 131-145). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5222 LNCS). https://doi.org/10.1007/978-3-540-85886-7_9

Distinguishing between FE and DDoS using randomness check. / Park, Hyundo; Li, Peng; Gao, Debin; Lee, Heejo; Deng, Robert H.

Information Security - 11th International Conference, ISC 2008, Proceedings. 2008. p. 131-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5222 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Park, H, Li, P, Gao, D, Lee, H & Deng, RH 2008, Distinguishing between FE and DDoS using randomness check. in Information Security - 11th International Conference, ISC 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5222 LNCS, pp. 131-145, 11th International Conference on Information Security, ISC 2008, Taipei, Taiwan, Province of China, 08/9/15. https://doi.org/10.1007/978-3-540-85886-7_9

Park H, Li P, Gao D, Lee H, Deng RH. Distinguishing between FE and DDoS using randomness check. In Information Security - 11th International Conference, ISC 2008, Proceedings. 2008. p. 131-145. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-540-85886-7_9

@inproceedings{a70ac7b636a744bd903002b621ad51d1,

title = "Distinguishing between FE and DDoS using randomness check",

abstract = "Threads posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.",

keywords = "Distributed Denial of Service, Flash Event, Network Security, Randomness Check",

author = "Hyundo Park and Peng Li and Debin Gao and Heejo Lee and Deng, {Robert H.}",

note = "Funding Information: This research was supported by the MIC, Korea, under the ITRC support program supervised by the IITA(IITA-2008-(C1090-0801-0016)), the IT R&D program of MKE/IITA(2008-S-026-01) and partially supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract(2008-SW-51-IM-02).; 11th International Conference on Information Security, ISC 2008 ; Conference date: 15-09-2008 Through 18-09-2008",

year = "2008",

doi = "10.1007/978-3-540-85886-7_9",

language = "English",

isbn = "3540858849",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "131--145",

booktitle = "Information Security - 11th International Conference, ISC 2008, Proceedings",

}

TY - GEN

T1 - Distinguishing between FE and DDoS using randomness check

AU - Park, Hyundo

AU - Li, Peng

AU - Gao, Debin

AU - Lee, Heejo

AU - Deng, Robert H.

N1 - Funding Information: This research was supported by the MIC, Korea, under the ITRC support program supervised by the IITA(IITA-2008-(C1090-0801-0016)), the IT R&D program of MKE/IITA(2008-S-026-01) and partially supported by Defense Acquisition Program Administration and Agency for Defense Development under the contract(2008-SW-51-IM-02).

PY - 2008

Y1 - 2008

N2 - Threads posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.

AB - Threads posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.

KW - Distributed Denial of Service

KW - Flash Event

KW - Network Security

KW - Randomness Check

UR - http://www.scopus.com/inward/record.url?scp=56649106403&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-85886-7_9

DO - 10.1007/978-3-540-85886-7_9

M3 - Conference contribution

AN - SCOPUS:56649106403

SN - 3540858849

SN - 9783540858843

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 131

EP - 145

BT - Information Security - 11th International Conference, ISC 2008, Proceedings

T2 - 11th International Conference on Information Security, ISC 2008

Y2 - 15 September 2008 through 18 September 2008

ER -

Distinguishing between FE and DDoS using randomness check

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this