BEHAVIOR-BASED CLUSTERING FOR DISCRIMINATION BETWEEN FLASH CROWDS AND DDoS ATTACKS

Young Jun Heo, Jintae Oh, Jongsoo Jang

2009

Abstract

We propose discrimination methods that classify clusters of traffic behavior of flash crowds and DDoS attacks, such as traffic pattern and characteristics, and check cluster randomness. Behavior-based clustering consolidates packets into clusters based on similarity of observed behavior; e.g., source IPs are clustered together based on their pattern of destination port usage. The main objective is to find a way to proactively resolve problems such as DDoS attacks by detecting and resolving attacks in their early development stages.


Paper Citation


in Harvard Style

Jun Heo Y., Oh J. and Jang J. (2009). BEHAVIOR-BASED CLUSTERING FOR DISCRIMINATION BETWEEN FLASH CROWDS AND DDoS ATTACKS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 140-143. DOI: 10.5220/0002225801400143


in Bibtex Style

@conference{secrypt09,
author={Young Jun Heo and Jintae Oh and Jongsoo Jang},
title={BEHAVIOR-BASED CLUSTERING FOR DISCRIMINATION BETWEEN FLASH CROWDS AND DDoS ATTACKS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={140-143},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002225801400143},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - BEHAVIOR-BASED CLUSTERING FOR DISCRIMINATION BETWEEN FLASH CROWDS AND DDoS ATTACKS
SN - 978-989-674-005-4
AU - Jun Heo Y.
AU - Oh J.
AU - Jang J.
PY - 2009
SP - 140
EP - 143
DO - 10.5220/0002225801400143