AN APPROACH TO DISTINGUISH THE CONDITIONS OF FLASH CROWD VERSUS DDOS ATTACKS AND TO REMEDY A CYBER CRIME

Flash Crowds are the events that occur due to sudden increase in legitimate traffic towards a single web server due to popularity of that web server or a famous event posted on its web pages. Distributed DoS (DDoS) attacks are the attacking events conducted by an attacker to overwhelm the web server with huge amount of traffic due to which that web server cannot serve legitimate users. Distinguishing flash crowds from DDoS attacks is very important because the response of the defense systems should be different for these two types of traffic. Initially abnormal traffic condition on a web server is detected when there is a huge amount of traffic which is very larger than the normal traffic volume. Our proposed system makes use of flow strength as a metric for assigning suspicion mark to flows in order to group the flows as probable Flash Crowd flows or probable DDoS attack flows. The technique used here is very intuitive, functional and can be proved to be working in a simulation environment and is perhaps applicable for real time usage. We found some cyber crimes that are “Beyond DDoS Attacks” and we suggested a remedy for “Beyond DDoS Attacks”.