Abstract
Distributed denial-of-service attacks are serious candidates for traffic analysis, next to traffic performance evaluation. Because these threats rapidly deplete network resources, particularly link parameters, modeling these attacks provides a strong base for analyzing the attack characteristics. The solution domain uses active networks for implementation, as they support active routers that can perform customized tasks on demand and offer ease of deployment. The paper presents a model based on packet attributes to characterize the attack traffic, and a detection and response framework based on the model. The detection mechanism uses leaky buckets to rate-limit the traffic based on packet ranking using linear arithmetic. The simulation results, depicting the attack traffic passed through the network as well as the legitimate traffic dropped at the active routers under different attack scenarios, are found to be comparable to existing solutions, with improved efficiency in detection rate and time.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Padmanabhan, J., Easwarakumar, K.S. (2008). Traffic Engineering Based Attack Detection in Active Networks. In: Garg, V., Wattenhofer, R., Kothapalli, K. (eds) Distributed Computing and Networking. ICDCN 2009. Lecture Notes in Computer Science, vol 5408. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-92295-7_22
DOI: https://doi.org/10.1007/978-3-540-92295-7_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-92294-0
Online ISBN: 978-3-540-92295-7
eBook Packages: Computer Science (R0)