CALD: Surviving Various Application-Layer DDoS Attacks That Mimic Flash Crowd

Wen, Sheng; Jia, Weijia; Zhou, Wei; Zhou, Wanlei; Xu, Chuan

doi:10.1109/nss.2010.69

Cited by 34 publications

(33 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sheng Wen, et al [6] proposed an architecture extension called CLAD to protect web server against attacks that mimics flash crowd. It uses a front end sensor to monitor incoming traffic.…”

Section: Related Workmentioning

confidence: 99%

Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach

Rahman¹,

Tomar²,

Jijin³

2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…Sheng Wen, et al [6] proposed an architecture extension called CLAD to protect web server against attacks that mimics flash crowd. It uses a front end sensor to monitor incoming traffic.…”

Section: Related Workmentioning

confidence: 99%

Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach

Rahman¹,

Tomar²,

Jijin³

2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…Due to the subtle nature of a FRC attack, previous application-layer DDoS solutions that focus on high request intensities will not be suitable for FRC detection [120]. Instead, initial FRC detection approaches focus on behavioral metrics derived from web logs that seek to capture the aggregate web page request choices of a websites client base.…”

Section: Detectionmentioning

confidence: 99%

“…If the attack intensity increases above J2, the aggregate resource consumption will reach a point when the QoS starts to significantly degrade as the increase resource utilization results in an increase in system response latency. It is at this point detection like, as stated in [56,58,120], current application-layer DDoS detection and mitigation schemes will be activated. The transition point between the inability and ability to detect malicious resource consumption is denoted as J2 on Figure 3.2.…”

Section: Attack Descriptionmentioning

confidence: 99%

“…As the number of attacking resource consumption bots increases, damaging attacks can be mounted without being able to associate a significant usage footprint to a single client, as compared to what was seen in the single attacker scenario. Because current detection efforts are focused on excessive amounts of HTTP requests over a short period of time [56,87,120], as is the case in DDoS attack and flash crowds, it is likely that FRC attacks will go undetected.…”

Section: Scenario -Ec2mentioning

confidence: 99%

“…Within this body of work, some have sought to distinguish flash crowds from DDoS attacks [56,120,124]. It was found that the number of overall client requests in a flash crowd was proportional to the number of users [124] and that flash crowds do not exhibit higher per-client request rates [56]; both are behaviors that differ from DDoS attacks.…”

Section: Application-layer Ddosmentioning

confidence: 99%

See 2 more Smart Citations

Exploiting Cloud Utility Models for Profit and Ruin

Idziorek

Tannian

2011

2011 IEEE 4th International Conference on Cloud Computing

View full text Add to dashboard Cite

A survey and meta‐analysis of application‐layer distributed denial‐of‐service attack

Odusami

Misra

Abayomi‐Alli

et al. 2020

Int J Communication

View full text Add to dashboard Cite

SummaryBackgroundOne of the significant attacks targeting the application layer is the distributed denial‐of‐service (DDoS) attack. It degrades the performance of the server by usurping its resources completely, thereby denying access to legitimate users and causing losses to businesses and organizations.AimThis study aims to investigate existing methodologies for application‐layer DDoS (APDDoS) attack defense by using specific measures: detection methods/techniques, attack strategy, and feature exploration of existing APDDoS mechanisms.MethodologyThe review is carried out on a database search of relevant literature in IEEE Xplore, ACM, Science Direct, Springer, Wiley, and Google Search. The search dates to capture journals and conferences are from 2000 to 2019. Review papers that are not in English and not addressing the APDDoS attack are excluded. Three thousand seven hundred eighty‐nine studies are identified and streamlined to a total of 75 studies. A quantifiable assessment is performed on the selected articles using six search procedures, namely: source, methods/technique, attack strategy, datasets/corpus, status, detection metric, and feature exploration.ResultsBased on existing methods/techniques for detection, the results show that machine learning gave the highest proportion with 36%. However, assessment based on attack strategy shows that several studies do not consider an attack form for deploying their solution. Result based on existing features for the APDDoS detection technique shows request stream during a user session and packet pattern gave the highest result with 47%. Unlike packet header information with 33%, request stream during absolute time interval with 12% and web user features 8%.ConclusionResearch findings show that a large proportion of the solutions for APDDoS attack detection utilized features based on request stream during user session and packet pattern. The optimization of features will improve detection accuracy. Our study concludes that researchers need to exploit all attack strategies using deep learning algorithms, thus enhancing effective detection of APDDoS attack launch from different botnets.

show abstract

CALD: Surviving Various Application-Layer DDoS Attacks That Mimic Flash Crowd

Cited by 34 publications

References 15 publications

Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach

Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach

Exploiting Cloud Utility Models for Profit and Ruin

A survey and meta‐analysis of application‐layer distributed denial‐of‐service attack

Contact Info

Product

Resources

About