Mathematical Problems in Engineering
Volume 2012 (2012), Article ID 419319, 20 pages
http://dx.doi.org/10.1155/2012/419319
Research Article

Bound Maxima as a Traffic Feature under DDOS Flood Attacks

1 Jiangsu Electronic Information Products Quality Supervision & Inspection Research Institute, China National Center for Quality Supervision and Test for the Internet of Things Products & Systems, No. 100, Jin-Shui Road, Wuxi 214073, China
2 School of Information Science & Technology, East China Normal University, No. 500, Dong-Chuan Road, Shanghai 200241, China
3 Department of Computer and Information Science, University of Macau, Av. Padre Tomas Pereira, Taipa, Macau SAR, P.R. China
4 College of Computer Science, Zhejiang University of Technology, Hangzhou 310023, China

Received 8 October 2011; Accepted 9 October 2011

Academic Editor: Thomas T. Yang

Copyright © 2012 Jie Xue et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

This paper gives a novel traffic feature for identifying abnormal variation of traffic under DDOS flood attacks: the histogram of the maxima of the bounded traffic rate on an interval-by-interval basis. We apply it to the traffic data provided by MIT Lincoln Laboratory under the Defense Advanced Research Projects Agency (DARPA) in 1999. The experimental results strengthen the evidence that the traffic rate under DDOS attacks is statistically considerably higher than that of normal traffic. They show that the pattern of the histogram of the maxima of the bounded rate of attack-contained traffic differs greatly from that of attack-free traffic. In addition, the present traffic feature is mathematically simple and easy to use in practice.