
    DDoS detection based on traffic self-similarity (2008)

    Thesis_fulltext.pdf (1.178Mb)
    Type of Content
    Theses / Dissertations
    UC Permalink
    http://hdl.handle.net/10092/2105
    http://dx.doi.org/10.26021/3231
    
    Thesis Discipline
    Computer Science
    Degree Name
    Master of Science
    Publisher
    University of Canterbury. Computer Science and Software Engineering
    Collections
    • Engineering: Theses and Dissertations [2760]
    Authors
    Brignoli, Delio
    Abstract

    Distributed denial of service attacks (or DDoS) are a common occurrence on the internet and are becoming more intense as the bot-nets, used to launch them, grow bigger. Preventing or stopping DDoS is not possible without radically changing the internet infrastructure; various DDoS mitigation techniques have been devised with different degrees of success. All mitigation techniques share the need for a DDoS detection mechanism. DDoS detection based on traffic self-similarity estimation is a relatively new approach which is built on the notion that undisturbed network traffic displays fractal-like properties. These fractal-like properties are known to degrade in presence of abnormal traffic conditions like DDoS. Detection is possible by observing the changes in the level of self-similarity in the traffic flow at the target of the attack. Existing literature assumes that DDoS traffic lacks the self-similar properties of undisturbed traffic. We show how existing bot-nets could be used to generate a self-similar traffic flow and thus break such assumptions. We then study the implications of self-similar attack traffic on DDoS detection. We find that, even when DDoS traffic is self-similar, detection is still possible. We also find that the traffic flow resulting from the superimposition of DDoS flow and legitimate traffic flow possesses a level of self-similarity that depends non-linearly on both relative traffic intensity and on the difference in self-similarity between the two incoming flows.

    Keywords
    ddos, self-similarity, distributed denial of service detection
    Rights
    Copyright Delio Brignoli
    https://canterbury.libguides.com/rights/theses

    Related items

    Showing items related by title, author, creator and subject.

    • Self-similar traffic engineering and applications to mobile radio networks 

      Nelson, Richard (University of Canterbury. Electrical and Electronic Engineering, 1998)
      Mobile networks are experiencing exponential rates of subscriber growth worldwide. In addition they are rapidly developing sophistication and capabilities for delivering multiple service types at widely varying data rates. ...
    • Reactive traffic control mechanisms for communication networks with self-similar bandwidth demands 

      Östring, Sven Andrew Mark (University of Canterbury. Electrical and Electronic Engineering, 2001)
      Communication network architectures are in the process of being redesigned so that many different services are integrated within the same network. Due to this integration, traffic management algorithms need to balance the ...
    • Fast Self-Similar Teletraffic Generation Based on FGN and Inverse DWT 

      Jeong, H-D.J.; McNickle, D.; Pawlikowski, K. (Department of Computer Science and Management, University of Canterbury; University of Canterbury. Computer Science and Software Engineering; University of Canterbury. Management, 1999)
      It is generally accepted that self-similar (or fractal) processes may provide better models of teletraffic in modern computer networks than Poisson processes. Thus, an important requirement for conducting simulation studies ...
    • SUBMISSIONS
    • Research Outputs
    • UC Theses
    • CONTACTS
    • Send Feedback
    • +64 3 369 3853
    • ucresearchrepository@canterbury.ac.nz
    • ABOUT
    • UC Research Repository Guide
    • Copyright and Disclaimer