Abstract
Flooding-based distributed denial-of-service (DDoS) attacks present a very serious threat to the stability of the Internet. In this paper, we propose a novel global defense architecture to protect the entire Internet from DDoS attacks. This architecture covers all three parts of defense during a DDoS attack: detection, filtering and traceback, and we use different agents distributed in routers or hosts to fulfill these tasks. The advantages that make the architecture more effective include: (i) the attack detection algorithm and the attack filtering and traceback algorithm are both network traffic-based algorithms; (ii) our traceback algorithm can itself mitigate the effects of the attacks. Our proposed scheme is implemented through simulations of detecting and defending against SYN flooding attacks, which are an example of DDoS attacks. The results show that this architecture is very effective because both the detection algorithm and the traceback algorithm perform better.
This work is supported by the NSFC (National Natural Science Foundation of China, under Grant 60403028), NSFS (Natural Science Foundation of Shaanxi, under Grant 2004F43), and the Natural Science Foundation of Electronic and Information Engineering School, Xi’an Jiaotong University.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shi, Y., Yang, X. (2005). A Novel Architecture for Detecting and Defending Against Flooding-Based DDoS Attacks. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_54
DOI: https://doi.org/10.1007/11596981_54
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30819-5
Online ISBN: 978-3-540-31598-8
eBook Packages: Computer Science, Computer Science (R0)