Characterizing DDoS attacks and flash events: Review, research gaps and future directions

Computer Science Review - Volume 25 - Pages 101-114 - 2017
Sunny Behal¹, Krishan Kumar², Monika Sachdeva¹
¹ I.K.G. Punjab Technical University, Kapurthala, Punjab, India
² U.I.E.T, Panjab University, Chandigarh, India

References

Recent DDoS Attacks, [Online]. Available: https://www.ddosattacks.net/twitter-amazon-other-top-websites-shut-in-cyber-attack/
Arbor Networks, DDoS attack report 2015. [Online]. Available: http://www.arbornetworks.com/images/documents/WISR2016ENWeb.pdf
Akamai’s Q4 DoS attack report 2016, [Online]. Available: https://www.akamai.com/us/en/.../q4-2016-state-of-the-internet-security-report.pdf
Latest DDoS Trends 2016, http://www.darkreading.com/vulnerabilities-and-threats/2016-ddos-attack-trends-by-the-numbers/d/d-id/1326754?image-number=3
Latest DDoS Trends 2016, https://www.imperva.com/docs/DS_Incapsula_The_Top_10_DDoS_Attack_Trends_ebook.pdf
Bhandari, 2016, Characterizing flash events and distributed denial-of-service attacks: an empirical investigation, Secur. Commun. Netw., 9, 2222
Bhatia, 2011, Parametric differences between a real-world distributed denial-of-service attack and a flash event, 210
CAIDA DDoS attack dataset 2007. [Online]. Available: http://www.caida.org/data/passive/ddos-20070804dataset.xml
FIFA worldcup dataset 1998 [Online]. Available: http://ita.ee.lbl.gov/html/contrib/WorldCup.html
DDoS attack on Australian Census Website, 2016, http://www.cso.com.au/article/604910/attack-australian-census-site-didn-t-register-global-ddos-sensors
S.M. Specht, R.B. Lee, Distributed denial of service: Taxonomies of attacks, tools, and countermeasures, in: ISCA PDCS, 2004, pp. 543–550.
Mirkovic, 2004, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Comput. Commun. Rev., 34, 39, 10.1145/997150.997156
Peng, 2007, Survey of network-based defense mechanisms countering the DoS and DDoS problems, ACM Comput. Surv. (CSUR), 39, 3, 10.1145/1216370.1216373
Koutrouli, 2012, Taxonomy of attacks and defense mechanisms in P2P reputation systems - lessons for reputation system designer, Comput. Sci. Rev., 6, 47, 10.1016/j.cosrev.2012.01.002
Bhuyan, 2014, Network anomaly detection: methods, systems and tools, IEEE Commun. Surv. Tutor., 16, 303, 10.1109/SURV.2013.052213.00046
Behal, 2017, Discriminating Flash events from DDoS attacks - a comprehensive review, Int. J. Netw. Secur., 19, 734
Wendell, 2011, Going viral: flash crowds in an open cdn, 549
Ari, 2003, Managing flash crowds on the internet, 246
Bhatia, 2012, Modelling web-server flash events, 79
Reddy, 2013, Techniques to differentiate DDoS attacks from flash crowds, Int. J. Adv. Res. Comput. Sci. Softw. Eng., 3
Gu, 2008
M.A.J. Dumoulin, C. Williamson, NASA web server logs, 1995. http://ita.ee.lbl.gov/html/contrib/NASA-HTTP.html
The Hindu Newspaper, Feb 2016. [Online]. Available: http://www.thehindu.com/sci-tech/technology/gadgets/freedom-251-website-down-for-second-day/article8257501.ece
B.B. Sale, Flipkart website goes down, 2014, [Online]. Available: http://www.gadgetsnow.com/tech-news/Flipkart-hosts-biggest-ever-sale-website-crashes/articleshow/44485872.cms
Microsoft Office 365 goes down, June 2014. [Online]. Available: http://www.pcworld.com/article/2417840/microsoft-admits-communications-tech-problems-during-office-365-outages.html
Release of iOS7 update, Sept 2013. [Online]. Available: https://www.cnet.com/news/apples-ios-7-downloads-caused-major-internet-traffic-jams/
Airing of castle in the sky in Japan, Aug 2013. https://blog.twitter.com/2013/new-tweets-per-second-record-and-how
Click frenzy: A mega tech fail, November 2012. [Online]. Available: http://www.smh.com.au/technology/technology-news/click-frenzy-a-mega-tech-fail-the-online-bonanza-that-became-nothing-of-the-sort-20121121-29p67.html
Sandy storm hits internet traffic, Oct 2012. http://www.huffingtonpost.in/entry/how-hurricane-sandy-impacn2066515
George Takei facebook post, June 2012. [Online]. Available: http://www.adweek.com/digital/george-takei-complaint/
Soccer Worldcup Twitter statistics, June 2012. [Online]. Available: https://blog.twitter.com/2012/olympic-and-twitter-records
Death news of Steve Jobs, Oct 2011. [Online]. Available: https://www.cnet.com/news/twitter-reacts-with-emotion-to-steve-jobs-death/
The Victoria secret Fashion show 1999. [Online]. Available: http://edition.cnn.com/TECH/computing/9902/05/vicweb.idg/
Jung, 2002, Flash crowds and denial of service attacks: Characterization and implications for CDNS and web sites, 293
Xie, 2009, Monitoring the application-layer DDoS attacks for popular websites, IEEE/ACM Trans. Netw., 17, 15, 10.1109/TNET.2008.925628
Wen, 2010, CALD: Surviving various application-layer DDoS attacks that mimic flash crowd, 247
Devi, 2012, A hybrid approach to counter application layer DDoS attacks, Int. J. Cryptogr. Inf. Secur. (IJCIS), 2
Beitollahi, 2012, Tackling application-layer DDoS attacks, Procedia Comput. Sci., 10, 432, 10.1016/j.procs.2012.06.056
Rahmani, 2012, Distributed denial-of-service attack detection scheme-based joint-entropy, Secur. Commun. Netw., 5, 1049, 10.1002/sec.392
Prasad, 2013, Discriminating DDoS attack traffic from flash crowds on internet threat monitors (ITM) using entropy variations, Afr. J. Comput. ICT, 6
Ni, 2013, Real-time detection of application-layer DDoS attack using time series analysis, J. Control Sci. Eng., 2013, 4, 10.1155/2013/821315
Katiyar, 2013, Detection and discrimination of DDoS attacks from flash crowd using entropy variations, Int. J. Eng. Technol. (IJET), 5, 3514
Tao, 2013, DDoS attack detection at local area networks using information theoretical metrics, 233
Saleh, 2015, A novel protective framework for defeating HTTP-based denial of service and distributed denial of service attacks, Sci. World J., 2015, 1, 10.1155/2015/238230
Sachdeva, 2016, A comprehensive approach to discriminate DDoS attacks from flash events, J. Inf. Secur. Appl., 26, 8
Behal, 2017, Detection of DDoS attacks and flash events using information theory metrics-An Empirical Investigation, Comput. Commun., 103, 18, 10.1016/j.comcom.2017.02.003
Behal, 2017, Detection of DDoS attacks and flash events using novel information theory metrics, Comput. Netw., 116, 96, 10.1016/j.comnet.2017.02.015
Yu, 2009, Discriminating DDoS flows from flash crowds using information distance, 351
Saravanan, 2016, Behavior-based detection of application layer distributed denial of service attacks during flash events, Turk. J. Electr. Eng. Comput. Sci., 24, 510, 10.3906/elk-1308-188
Bhatia, 2014, A framework for generating realistic traffic for Distributed Denial-of-Service attacks and Flash Events, Comput. Secur., 40, 95, 10.1016/j.cose.2013.11.005
Yatagai, 2007, Detection of HTTP-GET flood attack based on analysis of page access behavior, 232
Li, 2009, Distinguishing DDoS attacks from flash crowds using probability metrics, 9
Thapngam, 2011, Discriminating DDoS attack traffic from flash crowd through packet arrival patterns, 952
Yu, 2012, Discriminating DDoS attacks from flash crowds using flow correlation coefficient, IEEE Trans. Parallel Distrib. Syst., 23, 1073, 10.1109/TPDS.2011.262
Zhou, 2014, Detection and defense of application-layer DDoS attacks in backbone web traffic, Future Gener. Comput. Syst., 38, 36, 10.1016/j.future.2013.08.002
Poorrnima, 2014, Adaptive discriminating detection for DDoS attacks from flash crowds using flow correlation coefficient with collective feedback, J. Comput. Eng., 16, 54
Patil, 2015, Improving network performance by differentiating DDoS attacks from flash crowds, Int. J. Adv. Res. Comput. Sci. Manag. Stud., 3
Varghese, 2015, Model based prediction technique for denial of service attack detection, Int. J. Innovations Adv. Comput. Sci., 4, 34
Roa, 2014, Implementation of detection against distributed reflection for rank correlation DoS attacks, Int. J. Adv. Technol. Innovative Res., 6, 516
Rao, 2015, Simulation of rank correlation based detection mechanism for distributed denial of services attacks, Int. J. Comput. (IJC), 16, 1
Xiao, 2015, Detecting DDoS attacks against data center with correlation analysis, Comput. Commun., 67, 66, 10.1016/j.comcom.2015.06.012
Chawla, 2016, Discrimination of DDoS attacks and flash events using pearsons product moment correlation method, Int. J. Comput. Sci. Inform. Secur., 14, 382
Durga, 2016, Detecting distributed reflection DoS attack using kendalls tau Rank correlation, Int. J. Sci. Technol., 1, 21
Bhatia, 2016, Ensemble-based model for DDoS attack detection and flash event separation, 958
Oikonomou, 2009, Modeling human behavior for defense against flash-crowd attacks, 1
Liao, 2015, Application layer DDoS attack detection using cluster with label based on sparse vector decomposition and rhythm matching, Secur. Commun. Netw., 8, 3111, 10.1002/sec.1236
Johnson Singh, 2016, Entropy-based application layer DDoS attack detection using artificial neural networks, Entropy, 18, 350, 10.3390/e18100350
Deka, 2016, Self-similarity based DDoS attack detection using hurst parameter, Secur. Commun. Netw., 9, 4468, 10.1002/sec.1639
Shifali, 2016, Discrimination of DDoS attacks and Flash Events using Pearson’s Product Moment Correlation Method, Int. J. Comput. Sci. Inform. Secur., 14, 382
Behal, 2011, An experimental analysis for malware detection using extrusions, 474
Behal, 2016, Characterization and comparison of DDoS attack tools and traffic generators-a review, Int. J. Netw. Secur., 19, 383
Kaur, 2015, Characterization and comparison of distributed denial of service attack tools, 1139
Paxson, 1995, Wide area traffic: the failure of Poisson modeling, IEEE/ACM Trans. Netw. (ToN), 3, 226, 10.1109/90.392383
Behal, 2016, Trends in validation of DDoS Research, Procedia Comput. Sci., 85, 7, 10.1016/j.procs.2016.05.170
Bhuyan, 2015, An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection, Pattern Recognit. Lett., 51, 1, 10.1016/j.patrec.2014.07.019
Kandula, 2005, Botz-4-sale: Surviving organized DDoS attacks that mimic flash crowds, 287
G. Kaur, P. Luthra, S. Behal, K. Kumar, Mitigation of flood based DDoS attack using captcha -a Review, in: National Conference on Computing, Communication and Electrical System (NCCCES), 2015 National Conference on. IJCSN, 2015, pp. 11–18.
Xie, 2012, A structural approach for modelling the hierarchical dynamic process of web workload in a large-scale campus network, J. Netw. Comput. Appl., 35, 2081, 10.1016/j.jnca.2012.08.010