Abstract

Distributed computing technology is widely used by Internet-based business applications. Supply chain management (SCM), customer relationship management (CRM), e-Commerce, and banking are some of the applications employing distributed computing. These applications are the main targets of massive attacks known as distributed denial-of-service (DDoS) attacks, which cause a denial of service or a degradation of the services being rendered. The servers that provide reliable services to genuine users in a distributed environment are the victims of such attacks, which flood them with fake requests that appear genuine. A flash crowd, on the other hand, is the huge amount of traffic caused by certain flash events (FEs), and it mimics a DDoS attack. Detecting DDoS attacks in the wake of flash crowds is a challenging problem. The existing solutions are generally meant for either flash crowds or DDoS attacks, and more research is needed to arrive at a comprehensive approach that detects both spoofed and non-spoofed variants of DDoS attacks. This paper proposes a methodology that can detect the aforementioned DDoS attacks and differentiate them from flash crowds. NS-2 simulations are carried out on the Ubuntu platform to validate the effectiveness of the proposed methodology.

Highlights

  • The Internet has become a backbone of many distributed applications where the location of servers is not important from a user perspective

  • Different methods identified in the literature include entropy variations on Internet Threat Monitors (ITMs), temporal and spatial locality behavior, real-time frequency vector-based approach, information metric approach, traffic cluster entropy, Artificial Neural Network (ANN), spectral clustering technique, distributed denial-of-service (DDoS) Transmission Control Protocol (TCP) flood attack detection, sFlow with security-centric software-defined networking (SDN), evidence gathering approach, partial rank correlation, self-organizing feature map, anonymous profile-based anomaly detection, adaptive probabilistic filter scheduling, user clicks identification, and proxy-based temporal and spatial locality behavior models

  • We proposed a hybrid approach for comprehensive understanding and differentiation between DDoS attacks and flash crowds


Summary

Introduction

The Internet has become a backbone of many distributed applications where the location of servers is not important from a user perspective.

Sachdeva et al. [20] employed optimal thresholds for traffic cluster entropy and used the receiver operating characteristic (ROC) curve, detection rates and false positive rates to evaluate their method. Their method was meant for discriminating DDoS attacks from flash events. Little et al. [21] proposed a technique known as spectral clustering for classifying various network attacks, including DDoS attacks. They evaluated the accuracy of classification, and the classifier could be used for real-time attack detection.

Different methods identified in the literature include entropy variations on ITMs, temporal and spatial locality behavior, real-time frequency vector-based approach, information metric approach, traffic cluster entropy, ANN, spectral clustering technique, DDoS TCP flood attack detection, sFlow with security-centric SDN, evidence gathering approach, partial rank correlation, self-organizing feature map, anonymous profile-based anomaly detection, adaptive probabilistic filter scheduling, user clicks identification, and proxy-based temporal and spatial locality behavior models.

$H_c(t\_ID) > H_N(tc\_ID) + v \cdot \sigma_{tc\_ID}$ [current traffic entropy > upper threshold traffic entropy]

As per the non-spoofed DDoS attack conditions given above, if the current source entropy is less than the lower threshold source entropy and the current traffic entropy is greater than the upper threshold traffic entropy, the attack is considered to be a non-spoofed DDoS attack.
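The non-spoofed DDoS condition stated above can be sketched as a window classifier. This is an added example, not code from the paper: it assumes Shannon entropy over per-packet source and traffic IDs, a lower threshold of the same form as the upper one (normal-profile mean minus v times the standard deviation), v = 3, and constructed sample windows.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(ids):
    """Shannon entropy in bits of the ID distribution within one window."""
    counts = Counter(ids)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def band(baseline, v):
    """Assumed thresholds: normal-profile mean -/+ v * standard deviation."""
    mu, sigma = mean(baseline), pstdev(baseline)
    return mu - v * sigma, mu + v * sigma

def entropies(window):
    """window: list of (source_id, traffic_id) pairs seen in one interval."""
    return (shannon_entropy([s for s, _ in window]),
            shannon_entropy([t for _, t in window]))

def is_non_spoofed_ddos(window, normal_windows, v=3.0):
    """True when source entropy < lower threshold AND
    traffic entropy > upper threshold (the condition in the text)."""
    src_base, trf_base = zip(*(entropies(w) for w in normal_windows))
    src_low, _ = band(src_base, v)
    _, trf_high = band(trf_base, v)
    h_src, h_trf = entropies(window)
    return h_src < src_low and h_trf > trf_high

def make_window(src_counts, n_traffic_ids):
    """Constructed sample data: src_counts[i] packets from source i,
    traffic IDs assigned round-robin over n_traffic_ids values."""
    sources = [f"s{i}" for i, n in enumerate(src_counts) for _ in range(n)]
    return [(s, f"t{k % n_traffic_ids}") for k, s in enumerate(sources)]

# Constructed normal profile: eight roughly even sources, two traffic IDs.
NORMAL = [make_window([2] * 8, 2),
          make_window([3, 2, 2, 2, 2, 2, 2, 2], 2),
          make_window([2] * 8, 2)]
# Constructed test windows: two sources dominate while traffic IDs spread
# out, versus many new sources with an unchanged traffic ID mix.
SKEWED = make_window([10, 10, 1, 1], 8)
MANY_SOURCES = make_window([1] * 32, 2)

if __name__ == "__main__":
    for name, w in [("skewed", SKEWED), ("many sources", MANY_SOURCES)]:
        print(name, entropies(w), is_non_spoofed_ddos(w, NORMAL))
```

Only the non-spoofed test is implemented; the spoofed-attack and flash-crowd conditions are not given on this page, so the many-sources window is checked only for not matching the non-spoofed rule.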
