Autonomic Response to Distributed Denial of Service Attacks

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2212)

Abstract

The Cooperative Intrusion Traceback and Response Architecture (CITRA) [1] and the Intruder Detection and Isolation Protocol (IDIP) [2] provide an infrastructure that enables intrusion detection systems, firewalls, routers, and other components to cooperatively trace and block network intrusions as close to their sources as possible. We present the results of recent testbed experiments using CITRA and IDIP to defend streaming multimedia sessions against the Stacheldraht DDoS toolkit. Experimental data suggests that these technologies represent a promising approach for autonomic DDoS defense.

This research was supported by DARPA/Rome Laboratory Contracts F30602-98-C-0012, F30602-99-C-0181, and F30602-97-C-0309. Distribution Statement “A”, Approved for Public Release - Distribution Unlimited.

References

  1. D. Schnackenberg, H. Holliday, R. Smith, K. Djahandari, and D. Sterne, “Cooperative Intrusion Traceback and Response Architecture (CITRA),” Proceedings of the Second DARPA Information Survivability Conference and Exposition (DISCEX II), Anaheim, CA, June 2001.

  2. D. Schnackenberg, K. Djahandari, and D. Sterne, “Infrastructure for Intrusion Detection and Response,” Proceedings of the DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.

  3. Arbor Networks, http://www.arbornetworks.com.

  4. Recourse Technologies ManHunt product description, http://www.recourse.com/products/manhunt/features.html.

  5. R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods,” Proceedings of the 9th USENIX Security Symposium, Denver, CO, August 14-17, 2000.

  6. “Protocol Definition-Intruder Detection and Isolation Protocol Concept, Dynamic Cooperating Boundary Controllers Interim Technical Report,” Boeing Document Number D658-10732-1, Boeing Defense & Space Group, Seattle, WA, January 1997 (ftp://ftp.tislabs.com/pub/IDIP/DCBC_Interim_Report.pdf).

  7. CERT Advisory CA-2000-01 Denial-of-Service Developments, http://www.cert.org/advisories/CA-2000-01.html.

  8. S. Ying, “IA0126 DDoS Automated Response Re-Run,” presentation given at DARPA Information Assurance Program Biweekly Meeting, September 29, 2000 (http://ests.bbn.com/dscgi/ds.py/Get/File-2392/ia0126_Brief.ppt or ftp://ftp.tislabs.com/pub/IDIP/Ying_briefing.ppt).

  9. L. Sanchez, W. Milliken, A. Snoeren, F. Tchakountio, C. Jones, S. Kent, C. Partridge, and W. Strayer, “Hardware Support for a Hash-Based IP Traceback,” Proceedings of the Second DARPA Information Survivability Conference and Exposition (DISCEX II), Anaheim, CA, June 2001.

  10. S. Floyd, S. Bellovin, J. Ioannidis, R. Mahajan, V. Paxson, and S. Shenker, “Aggregate-Based Congestion Control and Pushback,” ACIRI Annual Review, December 5, 2000 (http://www.aciri.org/floyd/talks/ACIRI-Dec00.pdf).

  11. R. Mahajan and S. Floyd, “Controlling High-Bandwidth Flows at the Congested Router,” AT&T Center for Internet Research at ICSI (ACIRI), Preliminary Draft, November 20, 2000 (http://www.aciri.org/floyd/papers/red-pd.pdf).

  12. R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, “Controlling High Bandwidth Aggregates in the Network,” AT&T Center for Internet Research at ICSI (ACIRI), DRAFT, February 5, 2001 (http://www.research.att.com/smb/papers/DDOS-lacc.pdf).

  13. Steven M. Bellovin, Editor, “ICMP Traceback Messages,” Internet Draft: draft-bellovin-itrace-00.txt, Mar. 2000.

  14. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, “Practical Network Support for IP Traceback,” Proceedings of the 2000 ACM SIGCOMM Conference, August 2000.

  15. Dawn X. Song and Adrian Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Report No. UCB/CSD-00-1107, Computer Science Division (EECS) University of California, Berkeley, California, June 2000.

  16. H. Y. Chang, P. Chen, A. Hayatnagarkar, R. Narayan, P. Sheth, N. Vo, C. L. Wu, S. F. Wu, L. Zhang, X. Zhang, F. Gong, F. Jou, C. Sargor, and X. Wu, “Design and Implementation of A Real-Time Decentralized Source Identification System for Untrusted IP Packets,” Proceedings of the DARPA Information Survivability Conference & Exposition, January 2000.

  17. Glenn Sager, “Security Fun with OCxmon and cflowd,” Presentation at the Internet-2 Measurement Working Group, November 1998 (http://www.caida.org/projects/ngi/content/security/1198/mt0009.htm).

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sterne, D. et al. (2001). Autonomic Response to Distributed Denial of Service Attacks. In: Lee, W., Mé, L., Wespi, A. (eds) Recent Advances in Intrusion Detection. RAID 2001. Lecture Notes in Computer Science, vol 2212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45474-8_9

  • DOI: https://doi.org/10.1007/3-540-45474-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42702-5

  • Online ISBN: 978-3-540-45474-8

  • eBook Packages: Springer Book Archive
