Distinguishing Flooding Distributed Denial of Service from Flash Crowds Using Four Data Mining Approaches

Bin Kong (1, 2), Kun Yang (4, 5), Degang Sun (4, 5), Meimei Li (3, 4, 5) and Zhixin Shi (4, 5)

  1. School of Economics and Management, Beijing Jiaotong University
    Beijing, China
    pingpangfan@163.com
  2. National Secrecy Science and Technology Evaluation Center
    Beijing, China
    pingpangfan@163.com
  3. School of Computer and Information Technology, Beijing Jiaotong University
    Beijing, China
    limeimei@iie.ac.cn
  4. Institute of Information Engineering, Chinese Academy of Sciences
    Beijing, China
{yangkun,sundegang,limeimei,shizhixin}@iie.ac.cn
  5. School of Cyber Security, University of Chinese Academy of Sciences
    Beijing, China
{yangkun,sundegang,limeimei,shizhixin}@iie.ac.cn

Abstract

Flooding Distributed Denial of Service (DDoS) attacks can cause significant damage to the Internet. These attacks share many traffic characteristics with Flash Crowds (FCs) and are therefore difficult to distinguish from them. To address this issue, this paper first divides existing methods into two categories to clarify prior research. Moreover, after an extensive analysis, a new feature set is derived to profile DDoS attacks and FCs. Based on this feature set, the paper proposes a new method that employs Data Mining approaches to discriminate between DDoS attacks and FCs. Experiments evaluating the proposed method are conducted on two real-world datasets. The results demonstrate that the proposed method achieves high accuracy (more than 98%). Additionally, compared with a traditional entropy method, the proposed method demonstrates better performance.
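The abstract uses a traditional entropy method as its baseline. The following is an added illustration, not code from the paper or its authors, of what such a baseline typically looks like: the Shannon entropy of the source-address distribution within an observation window, with a fixed threshold separating a flood driven by a small bot set (low entropy) from a flash crowd spread over many clients (high entropy). The assumption that the baseline measures source-address entropy, the threshold of 7 bits, the window sizes and all traffic windows are constructed here for the example. The third window shows the failure mode that motivates richer feature sets: when every packet carries a forged source, entropy alone cannot separate the flood from a flash crowd.

```python
import math
import random
from collections import Counter

# Constructed traffic windows (not from the paper's datasets): each window is
# the list of source addresses observed in one interval. Documentation
# prefixes (192.0.2.0/24, 10.0.0.0/8) are used so no real host is named.


def make_flash_crowd(rng, clients=1500, requests=3000):
    """Many legitimate clients, each sending a handful of requests."""
    pool = [f"10.{rng.randint(0, 255)}.{rng.randint(0, 255)}.{rng.randint(1, 254)}"
            for _ in range(clients)]
    return [rng.choice(pool) for _ in range(requests)]


def make_bot_flood(rng, bots=20, packets=3000):
    """A small set of compromised hosts, each emitting a large share of packets."""
    pool = [f"192.0.2.{i + 1}" for i in range(bots)]
    return [rng.choice(pool) for _ in range(packets)]


def make_spoofed_flood(rng, packets=3000):
    """Every packet carries a freshly forged source address: the caveat case."""
    return [f"{rng.randint(1, 223)}.{rng.randint(0, 255)}."
            f"{rng.randint(0, 255)}.{rng.randint(1, 254)}"
            for _ in range(packets)]


def source_entropy(src_ips):
    """Shannon entropy in bits of the source-address distribution of a window.

    A window where one address sends everything scores 0; a window where n
    addresses each send equally scores log2(n).
    """
    counts = Counter(src_ips)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def classify(src_ips, threshold_bits=7.0):
    """Baseline decision rule (assumed for the example): low source entropy is
    treated as a flooding DDoS, high source entropy as a flash crowd."""
    return "ddos" if source_entropy(src_ips) < threshold_bits else "flash_crowd"


def run_baseline(seed=7):
    """Score the three constructed windows and return entropy plus verdict."""
    rng = random.Random(seed)
    windows = {
        "flash_crowd": make_flash_crowd(rng),
        "bot_flood": make_bot_flood(rng),
        "spoofed_flood": make_spoofed_flood(rng),
    }
    return {name: (round(source_entropy(w), 2), classify(w))
            for name, w in windows.items()}


if __name__ == "__main__":
    for name, (bits, verdict) in run_baseline().items():
        print(f"{name:14s} entropy={bits:6.2f} bits -> {verdict}")
```

The bot-driven flood sits near log2(20), about 4.3 bits, and is flagged; the flash crowd scores roughly 10 bits and passes. The spoofed flood scores even higher than the flash crowd and is passed as benign, which is exactly the case a single-feature entropy detector cannot handle and a multi-feature classifier is meant to catch.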

Key words

Flooding DDoS, Flash Crowds, Data Mining, Entropy

Digital Object Identifier (DOI)

https://doi.org/10.2298/CSIS161230032K

Publication information

Volume 14, Issue 3 (September 2017)
Advances in Information Technology, Distributed and Model Driven Systems
Year of Publication: 2017
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

Available in PDF.

How to cite

Kong, B., Yang, K., Sun, D., Li, M., Shi, Z.: Distinguishing Flooding Distributed Denial of Service from Flash Crowds Using Four Data Mining Approaches. Computer Science and Information Systems, Vol. 14, No. 3, 839–856. (2017), https://doi.org/10.2298/CSIS161230032K