A Behavior-Based Method for Distinction of Flooding DDoS and Flash Crowds.

DDoS and Flash Crowds are always difficult to distinguish. In order to solve this issue, this paper concluded a new feature set to profile the behaviors of legitimate users and Bots, and proposed an idea employed Random Forest to distinguish DDoS and FC on two widelyused datasets. The results show that the proposed idea can achieve distinguishing accuracy more than 95%. With comparison with traditional methods-Entropy, it still has a high accuracy.