Mathematical Problems in Engineering
Volume 2012 (2012), Article ID 419319, 20 pages
http://dx.doi.org/10.1155/2012/419319
Research Article

Bound Maxima as a Traffic Feature under DDOS Flood Attacks

1Jiangsu Electronic Information Products Quality Supervision & Inspection Research Institute, China National Center for Quality Supervision and Test for the Internet of Things Products & Systems, No. 100, Jin-Shui Road, Wuxi 214073, China
2School of Information Science & Technology, East China Normal University, No. 500, Dong-Chuan Road, Shanghai 200241, China
3Department of Computer and Information Science, University of Macau Av. Padre Tomas Pereira, Taipa, Macau SAR, P.R., China
4College of Computer Science, Zhejiang University of Technology, Hangzhou 310023, China

Received 8 October 2011; Accepted 9 October 2011

Academic Editor: Thomas T. Yang

Copyright © 2012 Jie Xue et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. R. Shirey, Internet Security Glossary, RFC 2828, 2000.
  2. N. Hussain, Measurement and spectral analysis of denial of service attacks, Ph.D. dissertation, University of Southern California, 2005.
  3. S. Chebrolu, A. Abraham, and J. P. Thomas, “Feature deduction and ensemble design of intrusion detection systems,” Computers & Security, vol. 24, no. 4, pp. 295–307, 2005.
  4. E. G. Amoroso, Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Traps, Trace Back, and Response, Intrusion.Net Books, 1999.
  5. J. Mirkovic, S. Dietrich, D. Dittrich, and P. Reiher, Internet Denial of Service: Attack and Defense Mechanisms, Prentice Hall, 2004.
  6. K. Liston, “Intrusion Detection FAQ: can you explain traffic analysis and anomaly detection?” 2004, http://www.sans.org/security-resources/idfaq/anomaly_detection.php.
  7. E. Schultz, “Intrusion prevention,” Computers and Security, vol. 23, no. 4, pp. 265–266, 2004.
  8. J. Leach, “TBSE—an engineering approach to the design of accurate and reliable security systems,” Computers and Security, vol. 23, no. 1, pp. 265–266, 2004.
  9. S. H. Oh and W. S. Lee, “An anomaly intrusion detection method by clustering normal user behavior,” Computers and Security, vol. 22, no. 7, pp. 596–612, 2003.
  10. F. Gong, “Deciphering detection techniques: part III denial of service detection,” White Paper, McAfee Network Security Technologies Group, 2003.
  11. S. Sorensen, “Competitive overview of statistical anomaly detection,” White Paper, Juniper Networks, 2004.
  12. S. B. Cho and H. J. Park, “Efficient anomaly detection by modeling privilege flows using hidden Markov model,” Computers and Security, vol. 22, no. 1, pp. 45–55, 2003.
  13. S. Cho and S. Cha, “SAD: web session anomaly detection based on parameter estimation,” Computers and Security, vol. 23, no. 7, pp. 312–319, 2004.
  14. R. A. Kemmerer and G. Vigna, “Intrusion detection: a brief history and overview,” Computer, vol. 35, pp. 27–30, 2002.
  15. E. E. Schultz, “Representing information security fairly and accurately,” Computers and Security, vol. 25, no. 4, p. 237, 2006.
  16. S. S. Kim, A. L. Narasimha Reddy, and M. Vannucci, “Detecting traffic anomalies through aggregate analysis of packet header data,” Lecture Notes in Computer Science, vol. 3042, pp. 1047–1059, 2004.
  17. M. Li, “An approach to reliably identifying signs of DDOS flood attacks based on LRD traffic pattern recognition,” Computers and Security, vol. 23, no. 7, pp. 549–558, 2004.
  18. M. Li, “Change trend of averaged Hurst parameter of traffic under DDOS flood attacks,” Computers and Security, vol. 25, no. 3, pp. 213–220, 2006.
  19. A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, and P. Abry, “Non-Gaussian and long memory statistical characterizations for Internet traffic with anomalies,” IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 1, pp. 56–70, 2007.
  20. B. Tsybakov and N. D. Georganas, “Self-similar processes in communications networks,” Institute of Electrical and Electronics Engineers. Transactions on Information Theory, vol. 44, no. 5, pp. 1713–1725, 1998.
  21. M. Li, “Modeling autocorrelation functions of long-range dependent teletraffic series based on optimal approximation in Hilbert space-A further study,” Applied Mathematical Modelling, vol. 31, no. 3, pp. 625–631, 2007.
  22. M. Li and S. C. Lim, “Modeling network traffic using generalized Cauchy process,” Physica A, vol. 387, no. 11, pp. 2584–2594, 2008.
  23. M. Li and W. Zhao, “Detection of variations of local irregularity of traffic under DDOS flood attack,” Mathematical Problems in Engineering, vol. 2008, Article ID 475878, 2008.
  24. H. Michiel and K. Laevens, “Teletraffic engineering in a broad-band era,” Proceedings of the IEEE, vol. 85, no. 12, pp. 2007–2032, 1997.
  25. R. L. Cruz, “A calculus for network delay—I: network elements in isolation,” IEEE Transactions on Information Theory, vol. 37, no. 1, pp. 114–131, 1991.
  26. J.-Y. Le Boudec, J. Yves, and T. Patrick, Network Calculus, A Theory of Deterministic Queuing Systems for the Internet, vol. 2050 of Lecture Notes in Computer Science, Springer, Berlin, Germany, 2001.
  27. S. Wang, D. Xuan, R. Bettati, and W. Zhao, “Providing absolute differentiated services for real-time applications in static-priority scheduling networks,” IEEE/ACM Transactions on Networking, vol. 12, no. 2, pp. 326–339, 2004.
  28. M. Li and W. Zhao, “Representation of a stochastic traffic bound,” IEEE Transactions on Parallel and Distributed Systems, vol. 21, no. 9, Article ID 5342414, pp. 1368–1372, 2010.
  29. M. Li and W. Zhao, “A model to partly but reliably distinguish DDOS flood traffic from aggregated one,” Mathematical Problems in Engineering, vol. 2012, Article ID 860569, 12 pages, 2012.
  30. M. Li and W. Zhao, “Asymptotic identity in min-plus algebra: a report on CPNS,” Computational and Mathematical Methods in Medicine, vol. 2012, Article ID 154038, 11 pages, 2012.
  31. J. McHugh, “Testing intrusion detection systems: a critique of the 1988 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory,” ACM Transactions Information System Security, vol. 3, no. 4, pp. 262–294, 2000.
  32. J. W. Haines, L. M. Rossey, R. Lippmann, and R. K. Cunningham, “Extending the DARPA off-line intrusion detection evaluations,” in Proceedings of the DARPA Information Survivability Conference and Exposition II, vol. 1, pp. 77–88, IEEE, Anaheim, Calif, USA, 2001.
  33. L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, “Statistical approaches to DDoS attack detection and response,” in Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1, pp. 303–314, Washington, DC, USA, 2003.
  34. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das, “The 1999 DARPA off-line intrusion detection evaluation,” Computer Networks, vol. 34, no. 4, pp. 579–595, 2000.
  35. L. Garber, “Denial-of-service attacks rip the internet,” Computer, vol. 33, no. 4, pp. 12–17, 2000.
  36. D. Moore, G. M. Voelker, and S. Savage, “Inferring internet denial-of-service activity,” in Proceedings of the 10th USENIX Security Symposium, 2001.
  37. R. Mahajan, S. M. Bellovin, and S. Floyd, “Controlling high bandwidth aggregates in the network,” vol. 32, no. 3, pp. 62–73.
  38. A. Lakhina, M. Crovella, and C. Diot, “Characterization of network-wide anomalies in traffic flows,” in Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC '04), pp. 201–206, Sicily, Italy, October 2004.
  39. P. Barford and D. Plonka, “Characteristics of network traffic flow anomalies,” in Proceedings of the 1st ACM SIGCOMM Internet Measurement Workshop (IMW '01), pp. 69–73, San Francisco, Calif, USA, November 2001.
  40. V. A. Siris and F. Papagalou, “Application of anomaly detection algorithms for detecting SYN flooding attacks,” Computer Communications, vol. 29, no. 9, pp. 1433–1442, 2006.
  41. H. Wang, D. Zhang, and K. G. Shin, “Detecting SYN flooding attacks,” in Proceedings of the 21st Annual Joint Conference of the IEEE Computer and Communications Societies, pp. 1530–1539, New York, NY, USA, June 2002.
  42. M. Li, J. Li, and W. Zhao, “Simulation study of flood attacking of DDOS,” in Proceedings of the IEEE 3rd International Conference on Internet Computing in Science and Engineering (ICICSE '08), pp. 289–293, Harbin, China, 2008.
  43. R. Bettati, W. Zhao, and D. Teodor, “Real-time intrusion detection and suppression in ATM networks,” in Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, pp. 111–118, 1999.
  44. K. S. Fu, Ed., Digital Pattern Recognition, Springer, 2nd edition, 1980.
  45. M. Basseville, “Distance measures for signal processing and pattern recognition,” Signal Processing, vol. 18, no. 4, pp. 349–369, 1989.
  46. M. Li, “An iteration method to adjusting random loading for a laboratory fatigue test,” International Journal of Fatigue, vol. 27, no. 7, pp. 783–789, 2005.