Computer Science ›› 2015, Vol. 42 ›› Issue (Z11): 313-316.

• Information Security •

Survey on Distinction between Flash Crowd and DDoS Attacks

LUO Kai, LUO Jun-yong, YIN Mei-juan, LIU Yan and GAO Li-zheng

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001
  • Online: 2018-11-14  Published: 2018-11-14
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61309007) and the National 863 Program of China (2012AA012902).

Abstract: Because DDoS attacks against Web servers behave very much like a Flash Crowd, distinguishing Flash Crowd from DDoS attacks has become a new research focus in network security. This paper first gives an overview of the basic concept and taxonomy of Flash Crowd and compares the similarities and differences between Flash Crowd and DDoS attacks. It then describes in detail the three current classes of methods for distinguishing Flash Crowd from DDoS attacks: methods based on traffic characteristics, methods based on user behavior, and methods based on host testing. It then introduces several of the most widely used datasets, and finally predicts future research directions in this field.

Key words: DDoS attack, Flash Crowd, Burst traffic, Web services

