Distinguishing DDoS Attacks from Flash Crowds Using Probability Metrics

Gold Coast, QLD (2009)

Abstract
Both Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of Internet traffic; however, Flash crowds are legitimate flows and DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to Internet security and stability. In this paper we propose a set of novel methods using probability metrics to distinguish DDoS attacks from Flash crowds effectively, and our simulations show that the proposed methods work well. In particular, these methods can not only distinguish DDoS attacks from Flash crowds clearly, but can also effectively distinguish an anomaly flow, whether a DDoS attack flow or a Flash crowd flow, from Normal network flow. Furthermore, we show that our proposed hybrid probability metrics can greatly reduce both false positive and false negative rates in detection.
Keywords
flash crowd,normal network flow,flash crowd flow,illegitimate flow,probability metrics,internet stability,anomaly flow,false negative rate,legitimate flow,distributed denial-of-service attack,internet,ddos attacks flow,internet traffic,distinguishing ddos attacks,telecommunication security,telecommunication traffic,ddos,internet security,ddos attack,probability,network flow,probability distribution,false positive,servers,distributed denial of service,distributed denial of service attack,upper bound