Welcome to the InfoSci Platform
Reference Hub1
A Proposal to Distinguish DDoS Traffic in Flash Crowd Environments

A Proposal to Distinguish DDoS Traffic in Flash Crowd Environments

Anderson Aparecido Alves da Silva, Leonardo Santos Silva, Erica Leandro Bezerra, Adilson Eduardo Guelfi, Claudia de Armas, Marcelo Teixeira de Azevedo, Sergio Takeo Kofuji
Copyright: © 2022 |Volume: 16 |Issue: 1 |Pages: 16
ISSN: 1930-1650|EISSN: 1930-1669|EISBN13: 9781683180203|DOI: 10.4018/IJISP.2022010104
Cite Article Cite Article

MLA

Alves da Silva, Anderson Aparecido, et al. "A Proposal to Distinguish DDoS Traffic in Flash Crowd Environments." IJISP vol.16, no.1 2022: pp.1-16. http://doi.org/10.4018/IJISP.2022010104

APA

Alves da Silva, A. A., Silva, L. S., Bezerra, E. L., Guelfi, A. E., de Armas, C., Teixeira de Azevedo, M., & Kofuji, S. T. (2022). A Proposal to Distinguish DDoS Traffic in Flash Crowd Environments. International Journal of Information Security and Privacy (IJISP), 16(1), 1-16. http://doi.org/10.4018/IJISP.2022010104

Chicago

Alves da Silva, Anderson Aparecido, et al. "A Proposal to Distinguish DDoS Traffic in Flash Crowd Environments," International Journal of Information Security and Privacy (IJISP) 16, no.1: 1-16. http://doi.org/10.4018/IJISP.2022010104

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

A Flash Crowd (FC) event occurs when network traffic increases suddenly due to a specific reason (e.g. e-commerce sale). Despite its legitimacy, this kind of situation usually decreases the network resource performance. Furthermore, attackers may simulate FC situations to introduce undetected attacks, such as Distributed Denial of Service (DDoS), since it is very difficult to distinguish between legitimate and malicious data flows. To differentiate malicious and legitimate traffic we propose applying zero inflated count data models in conjunction with the Correlation Coefficient Flow (CCF) method – a well-known method used in FC situations. Our results were satisfactory and improve the accuracy of CCF method. Furthermore, since the environment toggles between normal and FC situations, our method has the advantage of working in both situations.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.