Skip to Main content Skip to Navigation
Conference papers

Fingerprinting Crowd Events in Content Delivery Networks: A Semi-supervised Methodology

Abstract : Crowd events or flash crowds are meant to be a voluminous access to media or web assets due to a popular event. Even though the crowd event accesses are benign, the problem of distinguishing them from Distributed Denial of Service (DDoS) attacks is difficult by nature as both events look alike. In contrast to the rich literature about how to profile and detect DDoS attack, the problem of distinguishing the benign crowd events from DDoS attacks has not received much interest. In this work, we propose a new approach for profiling crowd events and segregating them from normal accesses. We use a first selection based on semi-supervised approach to segregate between normal events and crowd events using the number of requests. We use a density based clustering, namely, DBSCAN, to label patterns obtained from a time series. We then use a second more refined selection using the resulted clusters to classify the crowd events. To this end, we build a XGBoost classifier to detect crowd events with a high detection rate on the training dataset (99%). We present our initial results of crowd events fingerprinting using 8 days log data collected from a major Content Delivery Network (CDN) as a driving test. We further prove the validity of our approach by applying our models on unseen data, where abrupt changes in the number of accesses are detected. We show how our models can detect the crowd event with high accuracy. We believe that this approach can further be used in similar CDN to detect crowd events.
Document type :
Conference papers
Complete list of metadata

Cited literature [31 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Thursday, December 13, 2018 - 4:03:42 PM
Last modification on : Thursday, February 7, 2019 - 3:37:43 PM
Long-term archiving on: : Thursday, March 14, 2019 - 3:59:40 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Amine Boukhtouta, Makan Pourzandi, Richard Brunner, Stéphane Dault. Fingerprinting Crowd Events in Content Delivery Networks: A Semi-supervised Methodology. 32th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2018, Bergamo, Italy. pp.312-329, ⟨10.1007/978-3-319-95729-6_20⟩. ⟨hal-01954410⟩



Record views


Files downloads