Distinguishing DDoS Attacks From Flash Crowds Using Probability Metrics

Source: Institute of Electrical and Electronics Engineers

Flash crowds and DDoS (Distributed Denial-of-Service) attacks have very similar properties in terms of internet traffic; however, flash crowds are legitimate flows while DDoS attacks are illegitimate flows, and DDoS attacks have been a serious threat to internet security and stability. In this paper, the authors propose a set of novel methods that use probability metrics to distinguish DDoS attacks from flash crowds effectively, and their simulations show that the proposed methods work well. In particular, these methods can not only clearly distinguish DDoS attacks from flash crowds, but can also effectively distinguish anomalous flows, whether DDoS attack flows or flash crowd flows, from normal network flows.
Format: PDF
Size: 588.98
Date: May 2010