Mathematical Problems in Engineering
Volume 2012 (2012), Article ID 419319, 20 pages
Bound Maxima as a Traffic Feature under DDOS Flood Attacks
1. Jiangsu Electronic Information Products Quality Supervision & Inspection Research Institute, China National Center for Quality Supervision and Test for the Internet of Things Products & Systems, No. 100, Jin-Shui Road, Wuxi 214073, China
2. School of Information Science & Technology, East China Normal University, No. 500, Dong-Chuan Road, Shanghai 200241, China
3. Department of Computer and Information Science, University of Macau, Av. Padre Tomas Pereira, Taipa, Macau SAR, P.R., China
4. College of Computer Science, Zhejiang University of Technology, Hangzhou 310023, China
Received 8 October 2011; Accepted 9 October 2011
Academic Editor: Thomas T. Yang
Copyright © 2012 Jie Xue et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.