CCID: Cross-Correlation Identity Distinction Method for Detecting Shrew DDoS
| dc.contributor | Tardif, Pierre-Martin | |
| dc.contributor.author | Huang, Cheng | |
| dc.contributor.author | Yi, Ping | |
| dc.contributor.author | Zou, Futai | |
| dc.contributor.author | Yao, Yao | |
| dc.contributor.author | Wang, Wei | |
| dc.contributor.author | Zhu, Ting | |
| dc.date.accessioned | 2019-03-13T14:47:58Z | |
| dc.date.available | 2019-03-13T14:47:58Z | |
| dc.date.issued | 2019-02-20 | |
| dc.description.abstract | This study presents a new method for detecting ShrewDDoS (DistributedDenial of Service) attacks and analyzes the characteristics of the Shrew DDoS attack. Shrew DDoS is periodic to be suitable for the server’s TCP (Transmission Control Protocol) timer. It has lower maximum to bypass peak detection.This periodicity makes it distinguishable from normal data packets. By proposing the CCID (Cross-Correlation Identity Distinction) method to distinguish the flow properties, it quantifies the difference between a normal flow and an attack flow. Simultaneously, we calculated the cross-correlation between the attack flow and the normal flow in three different situations.The server can use its own TCP flow timer to construct a periodic attack flow.The cross-correlation between Gaussian white noise and simulated attack flow is less than 0.3.The cross-correlation between single-door function and simulated attack flow is 0.28. The cross-correlation between actual attack flow and simulated attack flow is more than 0.8. This shows that we can quantitatively distinguish the attack effects of different signals. By testing 4 million data, we can prove that it has a certain effect in practice. | en_US |
| dc.description.sponsorship | This work is supported by the National Natural Science Foundation of China (61571290, 61831007, and 61431008), National Key Research and Development Program of China (2017YFB0802900, 2017YFB0802300, and 2018YFB0803503), the NSFC Zhejiang Joint Fund for the Integration of Industrialization and Informationization under grant (U1509219), Shanghai Municipal Science and Technology Project under grants (16511102605, 16DZ1200702), Information Network Security Key Laboratory of the Ministry of Public Security Open Project Support (C18611), and NSF grants 1652669 and 1539047. | en_US |
| dc.description.uri | https://www.hindawi.com/journals/wcmc/2019/6705347/ | en_US |
| dc.format.extent | 10 pages | en_US |
| dc.genre | journal articles | en_US |
| dc.identifier | doi:10.13016/m23prq-p7kq | |
| dc.identifier.citation | Cheng Huang, Ping Yi, Futai Zou, Yao Yao, Wei Wang, and Ting Zhu, CCID: Cross-Correlation Identity Distinction Method for Detecting Shrew DDoS, Wireless Communications and Mobile Computing Volume 2019, Article ID 6705347, 9 pages, https://doi.org/10.1155/2019/6705347 | en_US |
| dc.identifier.uri | https://doi.org/10.1155/2019/6705347 | |
| dc.identifier.uri | http://hdl.handle.net/11603/13027 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | Hindawi | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.rights | Attribution 4.0 International (CC BY 4.0) | * |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | * |
| dc.subject | DDoS (Distributed Denial of Service) | en_US |
| dc.subject | TCP (Transmission Control Protocol) | en_US |
| dc.subject | CCID (Cross-Correlation Identity Distinction) method | en_US |
| dc.title | CCID: Cross-Correlation Identity Distinction Method for Detecting Shrew DDoS | en_US |
| dc.type | Text | en_US |