Distinguishing between FE and DDoS using Randomness Check
Conference Proceeding Article
Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and makes it hard to be distinguished from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices.
Information Security and Trust
Proceedings of the 11th Information Security Conference, LNCS 5222, Springer Verlag
PARK, Hyundo; LI, Peng; GAO, Debin; LEE, Heejo; and DENG, Robert H.
Distinguishing between FE and DDoS using Randomness Check. (2008). Proceedings of the 11th Information Security Conference, LNCS 5222, Springer Verlag. 131-145. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/429