An Analysis of Network Traffic on DDoS Attacks against Web Servers


KIPS Transactions on Computer and Communication Systems, Vol. 10, No. 3, pp. 253-264, Jun. 2003
10.3745/KIPSTC.2003.10.3.253,   PDF Download:

Abstract

This paper presents the analytic model of Distributed Denial-of-Service (DDoS) attacks in two settings : the normal Web server without any attack and the Web server with DDoS attacks. In these settings, we measure TCP flag rate, which is expressed in terms of the ratio of the number of TCP flags, i.e., SYN, ACK, RST, etc., packets over the total number of TCP packets, and Protocol rate, which is defined by the ratio of the number of TCP (UDP or ICMP) packets over the total number of IP packets. The experimental results show a distinctive and predictive pattern of DDoS attacks. We wish our approach can be used to detect and prevent DDoS attacks.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
C. H. Lee, K. H. Choi, G. H. Jung and S. U. Noh, "An Analysis of Network Traffic on DDoS Attacks against Web Servers," KIPS Journal C (2001 ~ 2012) , vol. 10, no. 3, pp. 253-264, 2003. DOI: 10.3745/KIPSTC.2003.10.3.253.

[ACM Style]
Cheol Ho Lee, Kyung Hee Choi, Gi Hyun Jung, and Sang Uk Noh. 2003. An Analysis of Network Traffic on DDoS Attacks against Web Servers. KIPS Journal C (2001 ~ 2012) , 10, 3, (2003), 253-264. DOI: 10.3745/KIPSTC.2003.10.3.253.