Title

Distinguishing between FE and DDoS using Randomness Check

Publication Type

Conference Proceeding Article

Publication Date

9-2008

Abstract

Threads posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.

Discipline

Information Security

Research Areas

Information Security and Trust

Publication

Proceedings of the 11st Information Security Conference, LNCS 5222, Springer Verlag

First Page

131

Last Page

145

Identifier

10.1007/978-3-540-85886-7_9

Publisher

Springer Verlag

Additional URL

http://dx.doi.org/10.1007/978-3-540-85886-7_9