Collaborative Defense Mechanism Using Statistical Detection Method against DDoS Attacks

ByungHak SONG
Joon HEO
Choong Seon HONG

Publication
IEICE TRANSACTIONS on Communications   Vol.E90-B    No.10    pp.2655-2664
Publication Date: 2007/10/01
Online ISSN: 1745-1345
DOI: 10.1093/ietcom/e90-b.10.2655
Print ISSN: 0916-8516
Type of Manuscript: Special Section PAPER (Special Section on New Challenge for Internet Technology and its Architecture)
Category: 
Keyword: 
IDS,  DDoS attack,  statistical detection,  collaborative defense,  detection threshold,  

Full Text: PDF(752.1KB)>>
Buy this Article


Summary: 
Distributed Denial-of-Service attack (DDoS) is one of the most outstanding menaces on the Internet. A DDoS attack generally attempts to overwhelm the victim in order to deny their services to legitimate users. A number of approaches have been proposed for defending against DDoS attacks accurately in real time. However, existing schemes have limits in terms of detection accuracy and delay if the IDRS (Intrusion Detection and Response System) deployed only at a specific location detects and responds against attacks. As in this case, it is not able to catch the characteristic of the attack which is distributed in large-scale. Moreover, the existing detection schemes have vulnerabilities to intellectual DDoS attacks which are able to avoid its detection threshold or delay its detection time. This paper suggests the effective DDoS defense system which uses the collaborative scheme among distributed IDRSs located in the vicinity of the attack source or victim network. In proposed scheme, both victim and source-end IDRS work synergistically to identify the attack and avoid false alarm rate up to great extent. Additionally, we propose the duplicate detection window scheme to detect various attacks dynamics which increase the detection threshold gradually in early stage. The proposed scheme can effectively detect and respond against these diverse DDoS attack dynamics.