http://dx.doi.org/10.3745/KIPSTC.2003.10C.3.253

An Analysis of Network Traffic on DDoS Attacks against Web Servers  

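Lee, Cheo-Iho (Department of Information and Communication Engineering, Graduate School of Information and Communication, Ajou University)
Choi, Kyung-Hee (Graduate School of Information and Communication, Ajou University)
Jung, Gi-Hyun (Division of Electronics Engineering, Ajou University)
Noh, Sang-Guk (School of Computer Science and Information Engineering, The Catholic University of Korea)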
Abstract
This paper presents an analytic model of Distributed Denial-of-Service (DDoS) attacks in two settings: a normal Web server without any attack and a Web server under DDoS attacks. In these settings, we measure the TCP flag rate, defined as the ratio of the number of packets carrying a given TCP flag (SYN, ACK, RST, etc.) to the total number of TCP packets, and the protocol rate, defined as the ratio of the number of TCP (UDP or ICMP) packets to the total number of IP packets. The experimental results show a distinctive and predictive pattern of DDoS attacks. We hope our approach can be used to detect and prevent DDoS attacks.
Keywords
DoS; DDoS; Web; Network Traffic;