Abstract
Web services have become an indispensable part of the Internet and the world. We have learned their applicability in every aspects of human life which lead to the huge amount of Web traffic exchanged over the Internet everyday. This excessive popularity is also the cause that led to some troubles. Among them, Flash crowds and Denial of Service (DoS) attacks are the two major concerns for the stability and safety of the Web services. So far, there are some methods that can detect the occurrences of these incidents in network traffic, however it still remains unclear how to explicitly distinguish DoS attacks and Flash crowds as these anomalies are very much alike. In this paper, we present various analyses on traffic traces of DoS attacks and Flash crowds to prove that even though DoS attacks mimic Flash crowds, there are still several differences in various aspects of these two incidents. As long as Flash crowd is an unusual traffic phenomenon of web user communities, there must be some features that a single DoS attacker cannot imitate. We specially focused on the source distribution and the variation pattern in traffic and archived remarkable results.
| Original language | English |
|---|---|
| Title of host publication | NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity |
| Pages | 167-173 |
| Number of pages | 7 |
| DOIs | |
| Publication status | Published - 2007 |
| Event | NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity - Trondheim Duration: 2007 May 21 → 2007 May 23 |
Other
| Other | NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity |
|---|---|
| City | Trondheim |
| Period | 07/5/21 → 07/5/23 |
Fingerprint
ASJC Scopus subject areas
- Computer Networks and Communications
- Software
Cite this
Methods of distinguishing flash crowds from spoofed DoS attacks. / Le, The Quyen; Zhanikeev, Marat; Tanaka, Yoshiaki.
NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity. 2007. p. 167-173 4231835.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Methods of distinguishing flash crowds from spoofed DoS attacks
AU - Le, The Quyen
AU - Zhanikeev, Marat
AU - Tanaka, Yoshiaki
PY - 2007
Y1 - 2007
N2 - Web services have become an indispensable part of the Internet and the world. We have learned their applicability in every aspects of human life which lead to the huge amount of Web traffic exchanged over the Internet everyday. This excessive popularity is also the cause that led to some troubles. Among them, Flash crowds and Denial of Service (DoS) attacks are the two major concerns for the stability and safety of the Web services. So far, there are some methods that can detect the occurrences of these incidents in network traffic, however it still remains unclear how to explicitly distinguish DoS attacks and Flash crowds as these anomalies are very much alike. In this paper, we present various analyses on traffic traces of DoS attacks and Flash crowds to prove that even though DoS attacks mimic Flash crowds, there are still several differences in various aspects of these two incidents. As long as Flash crowd is an unusual traffic phenomenon of web user communities, there must be some features that a single DoS attacker cannot imitate. We specially focused on the source distribution and the variation pattern in traffic and archived remarkable results.
AB - Web services have become an indispensable part of the Internet and the world. We have learned their applicability in every aspects of human life which lead to the huge amount of Web traffic exchanged over the Internet everyday. This excessive popularity is also the cause that led to some troubles. Among them, Flash crowds and Denial of Service (DoS) attacks are the two major concerns for the stability and safety of the Web services. So far, there are some methods that can detect the occurrences of these incidents in network traffic, however it still remains unclear how to explicitly distinguish DoS attacks and Flash crowds as these anomalies are very much alike. In this paper, we present various analyses on traffic traces of DoS attacks and Flash crowds to prove that even though DoS attacks mimic Flash crowds, there are still several differences in various aspects of these two incidents. As long as Flash crowd is an unusual traffic phenomenon of web user communities, there must be some features that a single DoS attacker cannot imitate. We specially focused on the source distribution and the variation pattern in traffic and archived remarkable results.
UR - http://www.scopus.com/inward/record.url?scp=34548812317&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34548812317&partnerID=8YFLogxK
U2 - 10.1109/NGI.2007.371212
DO - 10.1109/NGI.2007.371212
M3 - Conference contribution
SN - 1424408571
SN - 9781424408573
SP - 167
EP - 173
BT - NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity
ER -