DDoS detection based on traffic self-similarity (2008)

View/ Open
Type of Content
Theses / DissertationsThesis Discipline
Computer ScienceDegree Name
Master of SciencePublisher
University of Canterbury. Computer Science and Software EngineeringCollections
Abstract
Distributed denial of service attacks (or DDoS) are a common occurrence on the internet and are becoming more intense as the bot-nets, used to launch them, grow bigger. Preventing or stopping DDoS is not possible without radically changing the internet infrastructure; various DDoS mitigation techniques have been devised with different degrees of success. All mitigation techniques share the need for a DDoS detection mechanism. DDoS detection based on traffic self-similarity estimation is a relatively new approach which is built on the notion that undis- turbed network traffic displays fractal like properties. These fractal like properties are known to degrade in presence of abnormal traffic conditions like DDoS. Detection is possible by observing the changes in the level of self-similarity in the traffic flow at the target of the attack. Existing literature assumes that DDoS traffic lacks the self-similar properties of undisturbed traffic. We show how existing bot- nets could be used to generate a self-similar traffic flow and thus break such assumptions. We then study the implications of self-similar attack traffic on DDoS detection. We find that, even when DDoS traffic is self-similar, detection is still possible. We also find that the traffic flow resulting from the superimposition of DDoS flow and legitimate traffic flow possesses a level of self-similarity that depends non-linearly on both relative traffic intensity and on the difference in self-similarity between the two incoming flows.
Keywords
ddos, self-similarity, distributed denial of service detectionRights
Copyright Delio BrignoliRelated items
Showing items related by title, author, creator and subject.
-
Self-similar traffic engineering and applications to mobile radio networks
Nelson, Richard (University of Canterbury. Electrical and Electronic Engineering, 1998)Mobile networks are experiencing exponential rates of subscriber growth worldwide. In addition they are rapidly developing sophistication and capabilities for delivering multiple service types at widely varying data rates. ... -
Reactive traffic control mechanisms for communication networks with self-similar bandwidth demands
Östring, Sven Andrew Mark (University of Canterbury. Electrical and Electronic Engineering, 2001)Communication network architectures are in the process of being redesigned so that many different services are integrated within the same network. Due to this integration, traffic management algorithms need to balance the ... -
Fast Self-Similar Teletraffic Generation Based on FGN and Inverse DWT
Jeong, H-D.J.; McNickle, D.; Pawlikowski, K. (Department of Computer Science and Management, University of CanterburyUniversity of Canterbury. Computer Science and Software EngineeringUniversity of Canterbury. Management, 1999)It is generally accepted that self-similar (or fractal) processes may provide better models of teletra c in modern computer networks than Poisson processes. Thus, an important requirement for conducting simulation studies ...