文献类型：会议论文

英文题名：Detect and Identify DDoS Attacks from Flash Crowd Based on Self-similarity and Renyi Entropy

作者：Yan, Ruoyu[1];Xu, Guoyu[1];Qin, XueJing[1]

第一作者：颜若愚

通讯作者：Yan, RY[1]

机构：[1]Henan Univ Econ & Law, Coll Comp & Informat Engn, Zhengzhou, Henan, Peoples R China

第一机构：河南财经政法大学计算机与信息工程学院

通讯机构：[1]corresponding author), Henan Univ Econ & Law, Coll Comp & Informat Engn, Zhengzhou, Henan, Peoples R China.|[1048412]河南财经政法大学计算机与信息工程学院;[10484]河南财经政法大学;

会议论文集：Chinese Automation Congress (CAC)

会议日期：OCT 20-22, 2017

会议地点：Jinan, PEOPLES R CHINA

语种：英文

外文关键词：Distributed Denial of Service; Flash Crowd; Information Theory; Self-similarity

摘要：The paper presents an effective identification method for DDoS attacks and flash crowd in the source-end network. As DDoS attack and flash crowd behavior dramatically increase the number of new (or forged) source IP addresses, the method firstly construct a time series by counting the number of new (or forged) IP addresses in the monitored local area network, and use VTP (variance-time plots) method to verify its self-similarity in normal environments. Then, whittle estimator is used to calculate Hurst index and its confidence interval to detect anomalies. Based on the detection results, in order to accurately identify these two network behaviors, the paper further proposes Renyi entropy based method to distinguish DDoS attack from flash crowd according to the characteristic that DDoS attack and flash crowd cause different degrees of dispersion in source IP address. Finally experimental results indicate that this method can not only detect the mutation of network traffic in real time and reduce false positives, but also accurately distinguish DDoS attack from flash crowd in the background of large network traffic.