Detection and Tracing Technique for DDoS Attacks from Flash Crowd

The number of Internet users is increasing exponentially and hence the services. We can avail almost all the services like Banking, Medical, Business, and Education etc via web. One can find almost every service online now days. All important services which are based on Internet needs to be maintained properly so that the users can avail them whenever they need. If the services are not available in time it will create a crisis. As the numbers of hosts in Internet are increasing, the threats to it are also increasing. Distributed Denial of Service (DDoS) and Flash Crowd attacks are the most deadly threats rising in Internet. Web services require security and stability and from these two concerns there are some methods that can differentiate DDoS attack from flash crowd and trace the sources of the attack in large amount of traffic in network. But it is difficult to detect the exact sources of DDoS attacks in traffic of network when flash crowd event is also present. Due to the resemblances of these two irregularities, attacker can easily mimic the harmful flow into legitimate network traffic patterns and the existing defense mechanism fail to detect real sources of attack on time. After analyzing the characteristics of DDoS attacks and the existing Algorithms to detect DDoS attacks, this paper proposes a detecting and tracing algorithm for DDoS attacks based on flow correlation coefficient. In this paper, flow correlation coefficient, a theoretic parameter, is used to differentiate DDoS attack from flash Crowd and trace the sources of the DDoS attack. The proposed approach focuses majorly on the efficiency and scalability features with minimum overhead in terms of resources and time, removal of traffic pattern dependency, increase in detection rate between DDoS and flash crowd and also trace the sources of DDoS attack.