Mathematical Problems in Engineering
Volume 2008 (2008), Article ID 475878, 11 pages
doi:10.1155/2008/475878
Research Article
Detection of Variations of Local Irregularity of Traffic under DDOS Flood Attack
¹ School of Information Science and Technology, East China Normal University, No. 500, Dong-Chuan Road, Shanghai 200241, China
² Rensselaer Polytechnic Institute, 110 8th Street, Troy, NY 12180-3590, USA
Received 24 March 2008; Accepted 1 April 2008
Academic Editor: Cristian Toma
Copyright © 2008 Ming Li and Wei Zhao. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Abstract
The aim of distributed denial-of-service (DDOS) flood attacks is to overwhelm the attacked site, or to make its service performance deteriorate considerably, by sending flood packets to the target from machines distributed all over the world. This is a kind of local behavior of traffic at the protected site, because the attacked site can be recovered to its normal service state sooner or later even though it is in reality overwhelmed during the attack. From a mathematical point of view, it can be taken as a kind of short-range phenomenon in computer networks. In this paper, we use the Hurst parameter (H) to measure the local irregularity or self-similarity of traffic under DDOS flood attack, provided that fractional Gaussian noise (fGn) is used as the traffic model. As the flood attack packets of DDOS make the H value of arrival traffic vary significantly away from that of traffic normally arriving at the protected site, we discuss a method to statistically detect signs of DDOS flood attacks with predetermined detection probability and false alarm probability.
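The idea in the abstract can be sketched as follows. This is an added example, not the authors' code or their estimator: it estimates H per window of an fGn traffic series and raises an alarm when H leaves a band set by a chosen false alarm probability. The aggregated-variance estimator, the Hosking fGn generator, the Gaussian assumption on H estimates, the constructed mid-window flood, and all parameter values are assumptions made for illustration.

```python
import math, random
from statistics import NormalDist, mean, stdev, pvariance

def fgn(n, H, rng):
    """Exact unit-variance fGn sample by Hosking's recursive method."""
    g = [0.5 * (abs(k + 1) ** (2 * H) - 2 * abs(k) ** (2 * H) + abs(k - 1) ** (2 * H))
         for k in range(n)]                       # fGn autocovariance
    x, phi, v = [rng.gauss(0, 1)], [], 1.0
    for t in range(1, n):
        k = (g[t] - sum(p * g[t - 1 - j] for j, p in enumerate(phi))) / v
        phi = [p - k * q for p, q in zip(phi, reversed(phi))] + [k]
        v *= 1 - k * k                            # innovation variance
        pred = sum(p * x[t - 1 - j] for j, p in enumerate(phi))
        x.append(pred + math.sqrt(v) * rng.gauss(0, 1))
    return x

def hurst_aggvar(x, scales=(1, 2, 4, 8, 16, 32)):
    """Aggregated-variance estimate: Var(mean of m-sized block) ~ m^(2H-2)."""
    pts = []
    for m in scales:
        blocks = [sum(x[i:i + m]) / m for i in range(0, len(x) - m + 1, m)]
        pts.append((math.log(m), math.log(pvariance(blocks))))
    mx, my = mean(a for a, _ in pts), mean(b for _, b in pts)
    slope = (sum((a - mx) * (b - my) for a, b in pts)
             / sum((a - mx) ** 2 for a, _ in pts))
    return 1 + slope / 2

def threshold(baseline_h, p_false_alarm):
    """Two-sided band around normal H, assuming Gaussian H estimates."""
    z = NormalDist().inv_cdf(1 - p_false_alarm / 2)
    mu, sd = mean(baseline_h), stdev(baseline_h)
    return mu - z * sd, mu + z * sd

def run_demo(seed=7, n=1024, h_normal=0.75, p_false_alarm=0.01):
    rng = random.Random(seed)
    # Constructed "normal" traffic: ten independent fGn windows.
    baseline = [hurst_aggvar(fgn(n, h_normal, rng)) for _ in range(10)]
    lo, hi = threshold(baseline, p_false_alarm)
    # Constructed flood: extra arrivals switch on halfway through a window.
    w = fgn(n, h_normal, rng)
    flooded = [v + (6.0 if i >= n // 2 else 0.0) for i, v in enumerate(w)]
    h_attack = hurst_aggvar(flooded)
    return {"band": (lo, hi), "h_normal": mean(baseline),
            "h_attack": h_attack, "alarm": not lo <= h_attack <= hi}

if __name__ == "__main__":
    print(run_demo())
```

A constant-rate offset across a whole window leaves this estimator unchanged, so the sketch reacts to the onset of a flood inside a window rather than to a steady elevated rate.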