
A Novel Architecture for Detecting and Defending Against Flooding-Based DDoS Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3802)

Abstract

Flooding-based distributed denial-of-service (DDoS) attacks present a very serious threat to the stability of the Internet. In this paper, we propose a novel global defense architecture to protect the entire Internet from DDoS attacks. The architecture covers all three parts of defense during a DDoS attack: detection, filtering and traceback, and uses different agents distributed in routers or hosts to fulfill these tasks. The advantages that make the architecture more effective are: (i) the attack detection algorithm and the attack filtering and traceback algorithm are both network traffic-based algorithms; (ii) the traceback algorithm itself can also mitigate the effects of the attacks. Our proposed scheme is implemented through simulations of detecting and defending against SYN flooding attacks, which are one example of DDoS attacks. The results show that the architecture is highly effective because the detection algorithm and the traceback algorithm both perform better.

This work is supported by the NSFC (National Natural Science Foundation of China, under Grant 60403028), the NSFS (Natural Science Foundation of Shaanxi, under Grant 2004F43), and the Natural Science Foundation of the Electronic and Information Engineering School, Xi’an Jiaotong University.



© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shi, Y., Yang, X. (2005). A Novel Architecture for Detecting and Defending Against Flooding-Based DDoS Attacks. In: Hao, Y., et al. Computational Intelligence and Security. CIS 2005. Lecture Notes in Computer Science, vol 3802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596981_54


  • DOI: https://doi.org/10.1007/11596981_54

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30819-5

  • Online ISBN: 978-3-540-31598-8

  • eBook Packages: Computer Science, Computer Science (R0)
