Issue No.06 - June (2012 vol.23)
Shui Yu , Deakin University, Victoria
Wanlei Zhou , Deakin University, Victoria
Weijia Jia , City University of Hong Kong, Hong Kong
Song Guo , The University of Aizu, Aizu-Wakamatsu City
Yong Xiang , Deakin University, Victoria
Feilong Tang , Shanghai Jiao Tong University, Shanghai
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TPDS.2011.262
Distributed Denial of Service (DDoS) attack is a critical threat to the Internet, and botnets are usually the engines behind them. Sophisticated botmasters attempt to disable detectors by mimicking the traffic patterns of flash crowds. This poses a critical challenge to those who defend against DDoS attacks. In our deep study of the size and organization of current botnets, we found that the current attack flows are usually more similar to each other compared to the flows of flash crowds. Based on this, we proposed a discrimination algorithm using the flow correlation coefficient as a similarity metric among suspicious flows. We formulated the problem, and presented theoretical proofs for the feasibility of the proposed discrimination method in theory. Our extensive experiments confirmed the theoretical analysis and demonstrated the effectiveness of the proposed method in practice.
DDoS attacks, flash crowds, similarity, discrimination.
Shui Yu, Wanlei Zhou, Weijia Jia, Song Guo, Yong Xiang, Feilong Tang, "Discriminating DDoS Attacks from Flash Crowds Using Flow Correlation Coefficient", IEEE Transactions on Parallel & Distributed Systems, vol.23, no. 6, pp. 1073-1080, June 2012, doi:10.1109/TPDS.2011.262