Entity-based Parameterization for Distinguishing Distributed Denial of Service from Flash Events
Keywords: DDoS Attack, Flash Event, Parameter Classification, Packet Entropy, Information Distance.
Under ideal conditions a server sees only normal network traffic and, occasionally, flash event traffic triggered by some eye-catching or heart-breaking event. Both kinds of traffic carry legitimate requests and content to the server. Flash event traffic can be massive and damaging to the availability of the server, but it can be remedied relatively easily by hardware solutions such as adding extra processing power and memory, and by software solutions such as load balancing. In contrast, the collection of illegitimate requests produced during a distributed denial of service (DDoS) attack is intended to damage the server and is therefore considered dangerous; prevention, detection and reaction are imperative when it occurs. In this paper, our main concern is the detection of attacks by distinguishing them from legitimate traffic. Initially, we categorize the parameters involved in the attacks according to their entities. We then examine different concepts and techniques from the information theory and image processing domains that take the aforementioned parameters as input and decide whether an attack has occurred. In addition, we point out the advantages of each technique, as well as any possible weaknesses, as directions for future work.
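As an added illustration of the two information-theoretic metrics named in the keywords (packet entropy and information distance), and not code from the paper: the block below computes the Shannon entropy of the source-address distribution in a packet window and the Jensen-Shannon distance between the two halves of the window, used here as a stand-in for comparing concurrent flows. The packet windows, the half-window split and the similarity threshold are constructed assumptions for demonstration.

```python
import math
from collections import Counter

# Constructed packet windows (lists of source addresses), not data from the paper.
# DDOS_WINDOW: four bot sources firing in lock-step for 64 packets.
# FLASH_WINDOW: 40 distinct clients, some of which come back for a second request.
DDOS_WINDOW = ["192.0.2.%d" % (i % 4 + 1) for i in range(64)]
FLASH_WINDOW = ["198.51.100.%d" % i for i in range(1, 41)] + \
               ["198.51.100.%d" % i for i in range(1, 41, 3)]

def distribution(samples):
    """Empirical probability of each source address in a window."""
    counts = Counter(samples)
    total = len(samples)
    return {src: n / total for src, n in counts.items()}

def packet_entropy(samples):
    """Shannon entropy (bits) of the source-address distribution.
    Few heavy sources give low entropy; note that randomly spoofed sources
    inflate it, which is why entropy is paired with a distance metric."""
    return -sum(p * math.log2(p) for p in distribution(samples).values())

def _kl(p, q):
    """Kullback-Leibler divergence in bits; q must be non-zero wherever p is."""
    return sum(p[k] * math.log2(p[k] / q[k]) for k in p if p[k] > 0)

def information_distance(p, q):
    """Jensen-Shannon distance between two distributions: 0 = identical, 1 = disjoint."""
    keys = set(p) | set(q)
    p = {k: p.get(k, 0.0) for k in keys}
    q = {k: q.get(k, 0.0) for k in keys}
    m = {k: 0.5 * (p[k] + q[k]) for k in keys}
    return math.sqrt(0.5 * _kl(p, m) + 0.5 * _kl(q, m))

def classify_window(samples, similarity_threshold=0.2):
    """Compare the two halves of a window: bots running the same program produce
    near-identical distributions, while human flash-event clients diverge.
    The threshold is an assumed illustrative value, not one from the paper."""
    half = len(samples) // 2
    dist = information_distance(distribution(samples[:half]), distribution(samples[half:]))
    ent = packet_entropy(samples)
    label = "ddos-like" if dist < similarity_threshold else "flash-like"
    return {"entropy_bits": round(ent, 3), "half_distance": round(dist, 3), "label": label}

if __name__ == "__main__":
    for name, window in (("ddos", DDOS_WINDOW), ("flash", FLASH_WINDOW)):
        print(name, classify_window(window))
```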