Superpoint-based detection against distributed denial of service (DDoS) flooding attacks
Hong Jiang, Shuqiao Chen, Hong-chao Hu, Mingming Zhang
The 21st IEEE International Workshop on Local and Metropolitan Area Networks, 2015-04-22
DOI: 10.1109/LANMAN.2015.7114724 (https://doi.org/10.1109/LANMAN.2015.7114724)
Citations: 9
Abstract
DDoS flooding attacks are a critical threat to the normal operation of networks. However, current feature-based detection methods are easily deceived by hackers, and most of these mechanisms do not differentiate between DDoS flooding attacks and legitimate random flash crowds that are feature-independent and location-extended. To address these challenges, we propose a two-stage detection strategy that combines superpoints and flow similarity measurement. To locate suspicious flows, the polymerization degree of destination superpoints is introduced in a moving time window mechanism. Based on the suspicious flows, a sliding-detection algorithm is presented for distinguishing flooding attacks from flash crowds using similarity metrics. Computer simulation results indicate that our detection approach can detect DDoS flooding attacks efficiently and that Total Variation Distance (TVD) is the most suitable metric for discriminating DDoS flooding attack flows from flash crowds. Built on flow arrivals, the proposed mechanism is practical for attack detection on high-speed links.