The effects of DDoS attacks on flow monitoring applications

R. Sadre, Anna Sperotto, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    17 Citations (Scopus)
    8 Downloads (Pure)


    Flow-based monitoring has become a popular approach in many areas of network management. However, flow monitoring is, by design, susceptible to anomalies that generate a large number of flows, such as Distributed Denial-Of-Service attacks. This paper aims at getting a better understanding on how a flow monitoring application reacts to the presence of massive attacks.We analyze the performance of a flow monitoring application from the perspective of the flow data it has to process. We first identify the changes in the flow data caused by a massive attack and propose a simple queueing model that describes the behavior of the flow monitoring application. Secondly, we present a case study based on a real attack trace collected at the University of Twente and we analyze the performance of the flow monitoring application by means of simulation experiments. We conclude that the observed changes in the flow data might cause unwanted effects in monitoring applications. Furthermore, our results show that our model can help to parametrize and dimension flow-based monitoring systems.
    Original languageUndefined
    Title of host publicationProceedings of the 2012 IEEE Network Operations and Management Symposium (NOMS 2012)
    Place of PublicationUSA
    Number of pages9
    ISBN (Print)978-1-4673-0267-8
    Publication statusPublished - Apr 2012
    Event13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012 - Maui, United States
    Duration: 16 Apr 201220 Apr 2012
    Conference number: 13

    Publication series

    PublisherIEEE Computer Society
    ISSN (Print)1542-1201


    Conference13th IEEE/IFIP Network Operations and Management Symposium, NOMS 2012
    Abbreviated titleNOMS 2012
    Country/TerritoryUnited States
    Internet address


    • METIS-289689
    • IR-81678
    • CR-C.2.3
    • EWI-22240
    • EC Grant Agreement nr.: FP7/257513

    Cite this