Information theory based detection against network behavior mimicking DDoS attacks
DDoS is a spy-on-spy game between attackers and detectors. Attackers are mimicking network traffic patterns to disable the detection algorithms which are based on these features. It is an open problem of discriminating the mimicking DDoS attacks from massive legitimate network accessing. We observed...
| Published in: | IEEE communications letters Volume 12; Issue 4; pp. 318 - 321 |
|---|---|
| Main authors: | Shui Yu; Doss, R.; Wanlei Zhou |
| Format: | Journal Article |
| Language: | English |
| Published: | New York, NY; IEEE; 01.04.2008; Institute of Electrical and Electronics Engineers; The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| ISSN: | 1089-7798, 1558-2558 |
| Abstract | DDoS is a spy-on-spy game between attackers and detectors. Attackers are mimicking network traffic patterns to disable the detection algorithms which are based on these features. It is an open problem of discriminating the mimicking DDoS attacks from massive legitimate network accessing. We observed that the zombies use controlled function(s) to pump attack packages to the victim, therefore, the attack flows to the victim always share some properties, e.g. packages distribution behaviors, which are not possessed by legitimate flows in a short time period. Based on this observation, once there appear suspicious flows to a server, we start to calculate the distance of the package distribution behavior among the suspicious flows. If the distance is less than a given threshold, then it is a DDoS attack, otherwise, it is a legitimate accessing. Our analysis and the preliminary experiments indicate that the proposed method can discriminate mimicking flooding attacks from legitimate accessing efficiently and effectively. |
|---|---|
| Author | Shui Yu; Doss, R.; Wanlei Zhou |
| Author_xml | – sequence: 1 surname: Shui Yu fullname: Shui Yu organization: Deakin Univ., Melbourne – sequence: 2 surname: Wanlei Zhou fullname: Wanlei Zhou organization: Deakin Univ., Melbourne – sequence: 3 givenname: R. surname: Doss fullname: Doss, R. organization: Deakin Univ., Melbourne |
| BackLink | http://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=20249196$$DView record in Pascal Francis |
| CODEN | ICLEF6 |
| Cites_doi | 10.1109/MIC.2006.5 10.1109/ICSCN.2007.350758 |
| ContentType | Journal Article |
| Copyright | 2008 INIST-CNRS Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2008 |
| Copyright_xml | – notice: 2008 INIST-CNRS – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2008 |
| DOI | 10.1109/LCOMM.2008.072049 |
| DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005–Present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE/IET Electronic Library (IEL) (UW System Shared) CrossRef Pascal-Francis Electronics & Communications Abstracts Technology Research Database Advanced Technologies Database with Aerospace ANTE: Abstracts in New Technology & Engineering Engineering Research Database |
| DatabaseTitle | CrossRef Technology Research Database Advanced Technologies Database with Aerospace Electronics & Communications Abstracts Engineering Research Database ANTE: Abstracts in New Technology & Engineering |
| DatabaseTitleList | Technology Research Database Engineering Research Database Engineering Research Database |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE/IET Electronic Library (IEL) (UW System Shared) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering Applied Sciences |
| EISSN | 1558-2558 |
| EndPage | 321 |
| ExternalDocumentID | 2325536641 20249196 10_1109_LCOMM_2008_072049 4489680 |
| Genre | orig-research |
| IEDL.DBID | RIE |
| ISICitedReferencesCount | 45 |
| ISSN | 1089-7798 |
| IngestDate | Sun Sep 28 06:43:52 EDT 2025 Sat Sep 27 19:23:40 EDT 2025 Mon Jun 30 10:24:52 EDT 2025 Mon Jul 21 09:11:51 EDT 2025 Sat Nov 29 06:26:21 EST 2025 Tue Nov 18 21:18:44 EST 2025 Wed Aug 27 02:48:14 EDT 2025 |
| IsDoiOpenAccess | false |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 4 |
| Keywords | DDoS detection; Traffic management; Teletraffic; Denial of service; Distributed system; distribution distance; Algorithm; Traffic congestion; Telecommunication security; Information theory |
| Language | English |
| License | https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html CC BY 4.0 |
| LinkModel | DirectLink |
| PQID | 862799336 |
| PQPubID | 23500 |
| PageCount | 4 |
| PublicationCentury | 2000 |
| PublicationDate | 2008-04-01 |
| PublicationDateYYYYMMDD | 2008-04-01 |
| PublicationDate_xml | – month: 04 year: 2008 text: 2008-04-01 day: 01 |
| PublicationDecade | 2000 |
| PublicationPlace | New York, NY |
| PublicationPlace_xml | – name: New York, NY – name: New York |
| PublicationTitle | IEEE communications letters |
| PublicationTitleAbbrev | COML |
| PublicationYear | 2008 |
| Publisher | IEEE Institute of Electrical and Electronics Engineers The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| Publisher_xml | – name: IEEE – name: Institute of Electrical and Electronics Engineers – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
| References | krishnamurthy (ref3) 0 cover (ref5) 2007 ref4 carl (ref1) 2006 chen (ref2) 0 |
| References_xml | – year: 2007 ident: ref5 publication-title: Elements of Information Theory – year: 2006 ident: ref1 article-title: Denial of service attack detection techniques publication-title: IEEE Internet Computing doi: 10.1109/MIC.2006.5 – year: 0 ident: ref2 article-title: Collaborative change detection of DDoS attacks on community and ISP networks publication-title: Proc of CTS 2006 – year: 0 ident: ref3 article-title: Flash crowds and denial of service attacks: characterization and implications for CDNs and Web sites publication-title: Proceedings International WWW Conference 2002 – ident: ref4 doi: 10.1109/ICSCN.2007.350758 |
| SSID | ssj0008251 |
| Score | 2.1697307 |
| SourceID | proquest pascalfrancis crossref ieee |
| SourceType | Aggregation Database Index Database Enrichment Source Publisher |
| StartPage | 318 |
| SubjectTerms | Algorithms Applied sciences Communication system traffic control Computer crime Denial of service attacks Detection algorithms Detectors Entropy Exact sciences and technology Flooding Floods Games Information theory Information, signal and communications theory Mathematical analysis Networks Operation, maintenance, reliability of teleprocessing networks Packages Packaging Pumps Secret Servers Surges Systems, networks and services of telecommunications Telecommunication traffic Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn Teletraffic |
| Title | Information theory based detection against network behavior mimicking DDoS attacks |
| URI | https://ieeexplore.ieee.org/document/4489680 https://www.proquest.com/docview/862799336 https://www.proquest.com/docview/34496604 https://www.proquest.com/docview/875062365 |
| Volume | 12 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| journalDatabaseRights | – providerCode: PRVIEE databaseName: IEEE/IET Electronic Library (IEL) (UW System Shared) customDbUrl: eissn: 1558-2558 dateEnd: 99991231 omitProxy: false ssIdentifier: ssj0008251 issn: 1089-7798 databaseCode: RIE dateStart: 19970101 isFulltext: true titleUrlDefault: https://ieeexplore.ieee.org/ providerName: IEEE |
| linkProvider | IEEE |