ISRN Communications and Networking
Volume 2014, Article ID 259831, 15 pages
http://dx.doi.org/10.1155/2014/259831
Research Article

A Traffic Cluster Entropy Based Approach to Distinguish DDoS Attacks from Flash Event Using DETER Testbed

Department of Computer Science and Engineering, Shaheed Bhagat Singh State Technical Campus, Ferozepur, Punjab 152004, India

Received 8 February 2014; Accepted 23 March 2014; Published 13 May 2014

Academic Editors: G. Mazzini and H.-M. Sun

Copyright © 2014 Monika Sachdeva and Krishan Kumar. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. Y. Chen and K. Hwang, “Collaborative change detection of DDoS attacks on community and ISP networks,” in Proceedings of the International Symposium on Collaborative Technologies and Systems (CTS '06), pp. 401–410, May 2006.
  2. K. Kumar, R. C. Joshi, and K. Singh, “A distributed approach using entropy to detect DDoS attacks in ISP domain,” in Proceedings of the International Conference on Signal Processing, Communications and Networking (ICSCN '07), pp. 331–337, February 2007.
  3. J. Jung, B. Krishnamurthy, and M. Rabinovich, “Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites,” in Proceedings of the 11th International Conference on World Wide Web (WWW '02), pp. 293–304, ACM Press, May 2002.
  4. B. Krishnamurthy and J. Wang, “On network-aware clustering of web clients,” in Proceedings of the Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (ACM SIGCOMM '00), pp. 97–109, Stockholm, Sweden, August 2000.
  5. L. Niven, “Flash crowd,” in The Flight of the Horse, pp. 99–164, 1973.
  6. H. Park, P. Li, D. Gao, H. Lee, and R. H. Deng, “Distinguishing between FE and DDoS using randomness check,” in Information Security, vol. 5222 of Lecture Notes in Computer Science, pp. 131–145, 2008.
  7. E. Messmer, Network World, and Arbor Networks, “Shorter, higher-speed DDoS attacks on the rise,” July 2013, http://www.networkworld.com/news/2013/073013-ddos-attacks-arbor-272319.html.
  8. L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, “Statistical approaches to DDoS attack detection and response,” in Proceedings of the DARPA Information Survivability Conference & Exposition, vol. 1, pp. 303–314, IEEE CS Press, April 2003.
  9. D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, “Inferring internet denial-of-service activity,” ACM Transactions on Computer Systems, vol. 24, no. 2, pp. 115–139, 2006.
  10. R. B. Blazek, H. Kim, B. Rozovskii, and A. Tartakovsky, “A novel approach to detection of “Denial-of-Service” attacks via adaptive sequential and batch-sequential change-point detection methods,” in Proceedings of the IEEE Information Assurance and Security Workshop, pp. 220–226, IEEE CS Press, June 2001.
  11. R. R. Brooks, Disruptive Security Technologies with Mobile Code and Peer-To-Peer Networks, CRC Press, Boca Raton, Fla, USA, 2005.
  12. H. Wang, D. Zhang, and K. G. Shin, “Change-point monitoring for the detection of DoS attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 4, pp. 193–208, 2004.
  13. P. Barford, J. Kline, D. Plonka, and A. Ron, “A signal analysis of network traffic anomalies,” in Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment (IMW '02), pp. 71–82, November 2002.
  14. E. S. Alomari, Manickam, B. B. Gupta, S. Karuppayah, and R. Alfaris, “Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art,” International Journal of Computer Applications, vol. 49, no. 7, 2012.
  15. F. Yi, S. Yu, W. Zhou, J. Hai, and A. Bonti, “Source-based filtering algorithm against DDOS attacks,” International Journal of Database Theory and Application, vol. 1, no. 1, pp. 9–20, 2008.
  16. S. Yu, T. Thapngam, J. Liu, S. Wei, and W. Zhou, “Discriminating DDoS flows from flash crowds using information distance,” in Proceedings of the 3rd International Conference on Network and System Security (NSS '09), pp. 351–356, Piscataway, NJ, USA, October 2009.
  17. T. M. Gil and M. Poletto, “Multops: a data-structure for bandwidth attack detection,” in Proceedings of the 10th Conference on USENIX Security Symposium, 2001.
  18. S. Bhatia, G. Mohay, A. Tickle, and E. Ahmed, “Parametric differences between a real-world distributed denial-of-service attack and a flash event,” in Proceedings of the 6th International Conference on Availability, Reliability and Security (ARES '11), pp. 210–217, August 2011.
  19. G. Carl, G. Kesidis, R. R. Brooks, and S. Rai, “Denial-of-service attack-detection techniques,” IEEE Internet Computing, vol. 10, no. 1, pp. 82–89, 2006.
  20. Y. Chen, K. Hwang, and W. S. Ku, “Distributed change-point detection of DDoS attacks: experimental results on DETER testbed,” in Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test, USENIX Association, Boston, Mass, USA, August 2007.
  21. K. Fall, “Network emulation in the VINT/NS simulator,” in Proceedings of the 4th IEEE International Symposium on Computers and Communications (ISCC '99), pp. 244–250, July 1999.
  22. L. Rizzo, “Dummynet and forward error correction,” in Proceedings of the Annual Conference on USENIX Annual Technical Conference, USENIX Association, New Orleans, La, USA, June 1998.
  23. B. White, J. Lepreau, L. Stoller et al., “An integrated experimental environment for distributed systems and networks,” in Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pp. 255–270, Boston, Mass, USA, December 2002.
  24. A. Vahdat, K. Yocum, K. Walsh et al., “Scalability and accuracy in a large-scale network emulator,” in Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pp. 271–284, Boston, Mass, USA, December 2002.
  25. T. Benzel, R. Braden, D. Kim et al., “Experience with deter: a testbed for security research,” in Proceedings of the 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities (TRIDENTCOM '06), pp. 379–388, Barcelona, Spain, March 2006.
  26. C. E. Shannon and W. Weaver, The Mathematical Theory of Communication, University of Illinois Press, 1963.
  27. R. Chertov, S. Fahmy, and N. B. Shroff, “Fidelity of network simulation and emulation: a case study of TCP-targeted denial of service attacks,” ACM Transactions on Modeling and Computer Simulation, vol. 19, no. 1, article 4, 2008.