Methods of distinguishing flash crowds from spoofed DoS attacks

The Quyen Le, Marat Zhanikeev, Yoshiaki Tanaka

    研究成果: Conference contribution

    13 引用 (Scopus)

    抄録

    Web services have become an indispensable part of the Internet and the world. We have learned their applicability in every aspects of human life which lead to the huge amount of Web traffic exchanged over the Internet everyday. This excessive popularity is also the cause that led to some troubles. Among them, Flash crowds and Denial of Service (DoS) attacks are the two major concerns for the stability and safety of the Web services. So far, there are some methods that can detect the occurrences of these incidents in network traffic, however it still remains unclear how to explicitly distinguish DoS attacks and Flash crowds as these anomalies are very much alike. In this paper, we present various analyses on traffic traces of DoS attacks and Flash crowds to prove that even though DoS attacks mimic Flash crowds, there are still several differences in various aspects of these two incidents. As long as Flash crowd is an unusual traffic phenomenon of web user communities, there must be some features that a single DoS attacker cannot imitate. We specially focused on the source distribution and the variation pattern in traffic and archived remarkable results.

    元の言語English
    ホスト出版物のタイトルNGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity
    ページ167-173
    ページ数7
    DOI
    出版物ステータスPublished - 2007
    イベントNGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity - Trondheim
    継続期間: 2007 5 212007 5 23

    Other

    OtherNGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity
    Trondheim
    期間07/5/2107/5/23

    Fingerprint

    Web services
    Internet
    Telecommunication traffic
    Denial-of-service attack

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Software

    これを引用

    Le, T. Q., Zhanikeev, M., & Tanaka, Y. (2007). Methods of distinguishing flash crowds from spoofed DoS attacks. : NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity (pp. 167-173). [4231835] https://doi.org/10.1109/NGI.2007.371212

    Methods of distinguishing flash crowds from spoofed DoS attacks. / Le, The Quyen; Zhanikeev, Marat; Tanaka, Yoshiaki.

    NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity. 2007. p. 167-173 4231835.

    研究成果: Conference contribution

    Le, TQ, Zhanikeev, M & Tanaka, Y 2007, Methods of distinguishing flash crowds from spoofed DoS attacks. : NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity., 4231835, pp. 167-173, NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity, Trondheim, 07/5/21. https://doi.org/10.1109/NGI.2007.371212
    Le TQ, Zhanikeev M, Tanaka Y. Methods of distinguishing flash crowds from spoofed DoS attacks. : NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity. 2007. p. 167-173. 4231835 https://doi.org/10.1109/NGI.2007.371212
    Le, The Quyen ; Zhanikeev, Marat ; Tanaka, Yoshiaki. / Methods of distinguishing flash crowds from spoofed DoS attacks. NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity. 2007. pp. 167-173
    @inproceedings{bc610ecbaeb84d8490b358fe830900f8,
    title = "Methods of distinguishing flash crowds from spoofed DoS attacks",
    abstract = "Web services have become an indispensable part of the Internet and the world. We have learned their applicability in every aspects of human life which lead to the huge amount of Web traffic exchanged over the Internet everyday. This excessive popularity is also the cause that led to some troubles. Among them, Flash crowds and Denial of Service (DoS) attacks are the two major concerns for the stability and safety of the Web services. So far, there are some methods that can detect the occurrences of these incidents in network traffic, however it still remains unclear how to explicitly distinguish DoS attacks and Flash crowds as these anomalies are very much alike. In this paper, we present various analyses on traffic traces of DoS attacks and Flash crowds to prove that even though DoS attacks mimic Flash crowds, there are still several differences in various aspects of these two incidents. As long as Flash crowd is an unusual traffic phenomenon of web user communities, there must be some features that a single DoS attacker cannot imitate. We specially focused on the source distribution and the variation pattern in traffic and archived remarkable results.",
    author = "Le, {The Quyen} and Marat Zhanikeev and Yoshiaki Tanaka",
    year = "2007",
    doi = "10.1109/NGI.2007.371212",
    language = "English",
    isbn = "1424408571",
    pages = "167--173",
    booktitle = "NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity",

    }

    TY - GEN

    T1 - Methods of distinguishing flash crowds from spoofed DoS attacks

    AU - Le, The Quyen

    AU - Zhanikeev, Marat

    AU - Tanaka, Yoshiaki

    PY - 2007

    Y1 - 2007

    N2 - Web services have become an indispensable part of the Internet and the world. We have learned their applicability in every aspects of human life which lead to the huge amount of Web traffic exchanged over the Internet everyday. This excessive popularity is also the cause that led to some troubles. Among them, Flash crowds and Denial of Service (DoS) attacks are the two major concerns for the stability and safety of the Web services. So far, there are some methods that can detect the occurrences of these incidents in network traffic, however it still remains unclear how to explicitly distinguish DoS attacks and Flash crowds as these anomalies are very much alike. In this paper, we present various analyses on traffic traces of DoS attacks and Flash crowds to prove that even though DoS attacks mimic Flash crowds, there are still several differences in various aspects of these two incidents. As long as Flash crowd is an unusual traffic phenomenon of web user communities, there must be some features that a single DoS attacker cannot imitate. We specially focused on the source distribution and the variation pattern in traffic and archived remarkable results.

    AB - Web services have become an indispensable part of the Internet and the world. We have learned their applicability in every aspects of human life which lead to the huge amount of Web traffic exchanged over the Internet everyday. This excessive popularity is also the cause that led to some troubles. Among them, Flash crowds and Denial of Service (DoS) attacks are the two major concerns for the stability and safety of the Web services. So far, there are some methods that can detect the occurrences of these incidents in network traffic, however it still remains unclear how to explicitly distinguish DoS attacks and Flash crowds as these anomalies are very much alike. In this paper, we present various analyses on traffic traces of DoS attacks and Flash crowds to prove that even though DoS attacks mimic Flash crowds, there are still several differences in various aspects of these two incidents. As long as Flash crowd is an unusual traffic phenomenon of web user communities, there must be some features that a single DoS attacker cannot imitate. We specially focused on the source distribution and the variation pattern in traffic and archived remarkable results.

    UR - http://www.scopus.com/inward/record.url?scp=34548812317&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=34548812317&partnerID=8YFLogxK

    U2 - 10.1109/NGI.2007.371212

    DO - 10.1109/NGI.2007.371212

    M3 - Conference contribution

    AN - SCOPUS:34548812317

    SN - 1424408571

    SN - 9781424408573

    SP - 167

    EP - 173

    BT - NGI 2007: 2007 Next Generation Internet Networks - 3rd EuroNGI Conference on Next Generation Internet Networks: Design and Engineering for Heterogeneity

    ER -