Mathematical Problems in Engineering
Volume 2008 (2008), Article ID 475878, 11 pages
Research Article

Detection of Variations of Local Irregularity of Traffic under DDOS Flood Attack

Ming Li1 and Wei Zhao2

1School of Information Science and Technology, East China Normal University, No. 500, Dong-Chuan Road, Shanghai 200241, China
2Rensselaer Polytechnic Institute, 110 8th Street, Troy, NY 12180-3590, USA

Received 24 March 2008; Accepted 1 April 2008

Academic Editor: Cristian Toma

Copyright © 2008 Ming Li and Wei Zhao. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


The aim of distributed denial-of-service (DDOS) flood attacks is to overwhelm the attacked site or to make its service performance deterioration considerably by sending flood packets to the target from the machines distributed all over the world. This is a kind of local behavior of traffic at the protected site because the attacked site can be recovered to its normal service state sooner or later even though it is in reality overwhelmed during attack. From a view of mathematics, it can be taken as a kind of short-range phenomenon in computer networks. In this paper, we use the Hurst parameter (H) to measure the local irregularity or self-similarity of traffic under DDOS flood attack provided that fractional Gaussian noise (fGn) is used as the traffic model. As flood attack packets of DDOS make the H value of arrival traffic vary significantly away from that of traffic normally arriving at the protected site, we discuss a method to statistically detect signs of DDOS flood attacks with predetermined detection probability and false alarm probability.