Guoxing Zhang
ABSTRACT
Denial-of-Service (DoS) attacks especially distributed DoS (DDoS) attacks have become significant and increasing threats to the Internet. Huge efforts from both academia and industry have been made on detection and defense of DDoS attacks. However, most detection and defense schemes do not directly aim at protecting the victim of attacks itself (e.g., servers) but attack sources or intermediate network units. Although locating and identifying attacking sources are critical to stop attacks and for legal procedure, rapid and efficient predicting DDoS attacks to happen in the server is more important to reduce damage caused by attacks and even prevent attacks from happening. However, this part has not been addressed sufficiently in the literature. In this paper, we first briefly review research efforts on DDoS attacks, and then discuss a method to define and quantify attacks to severs based on available service rates. This is because the server is often the direct victim of DDoS attacks and the one-point failure of the entire service system. No matter whether there are attacks undergoing, if a sever is overloaded even by normal service requests, the effect imposed to a service system is equivalent to that of attacks. A prediction method for the available service rate of the protected server is then proposed, which applies the Auto Regressive Integrated Auto Regressive (ARIMA) model. Finally, we investigate the proposed prediction method to predict DDoS attacks through simulation studies with NS2. The simulation results show that the prediction algorithm is effective to predict most attacks.
- S. Cheung, "Denial of Service against the Domain Name System," IEEE Security and Privacy, 2006. Google Scholar
Digital Library
- H. R. Nageth, K. C. Sekaran and A. R. Kordcal, "Proactive model for Mitigating Internet Denial-of-Service Attacks," IEEE Computer Society, May 2007. Google ScholarDigital Library
- P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing," IRFC 2267, January 1998. Google ScholarDigital Library
- Y. N. Jing, P. Tu, X. P. Wang and G. D. Zhang, "Distributed-Log-Based Scheme for IP Traceback," IEEE Computer Society, CIT05, 2005. Google ScholarDigital Library
- R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," In ACM Computer Communication Review, July 2001. Google ScholarDigital Library
- J. Mirkovic and P. Reiher "A taxonomy of DDoS Attack and DDoS Defense Mechanisms," ACM SIGCOMM, April 2004. Google ScholarDigital Library
- J. Mirkovic and P. Reiher, "D-WARD: A Source-End Defence against Flooding Denial-of-Service Attacks," IEEE Computer Society, Jury 2005.Google Scholar
- H. Wang, D. Zhang and K. G. Shin, "Change-Point Monitoring for the Detection of DoS Attacks," IEEE Trans. Dependable and Secure Computing, vol. 1, no. 4, Oct.-Dec. 2004. Google ScholarDigital Library
- Y. Kim, W. C. Lau and M. C. Chauah, "Packet Score: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks," IEEE Computer Society, May 2006.Google Scholar
- A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent and W. T. Strayer, "Hashbased IP Traceback," In Proceedings of the ACM SIGCOMM, August 2001. Google ScholarDigital Library
- G. Carl, G. Kesidis, R. R. Brooks and S. Rai, "Denial-of-Service Attack-Detection Techniques," In IEEE Internet Computing, June 2006. Google ScholarDigital Library
- A. Kuzmanovic and E. Knightly, "Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies," IEEE/ACM Transactions on Networking, August 2006. Google ScholarDigital Library
- G. E. P. Box, G. M. Jenkins and G. C. Reinsel, "Time Series Analysis: Forecasting and Control(edition 3)," POSTS and TELECOM PRESSS, 2005. Google ScholarDigital Library
- "The Network Simulator NS-2," "http://www.isi.edu/nsnam/ns/."Google Scholar
Index Terms
- A prediction-based detection algorithm against distributed denial-of-service attacks
Recommendations
Surviving Distributed Denial-of-Service Attacks
A series of distributed denial-of-service (DDoS) attacks were launched against computer systems and services in the US and South Korea beginning July 4th. A DDoS attack is an attempt to make a computer service unavailable to its intended users. The ...
Defending against flooding-based distributed denial-of-service attacks: a tutorial
Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, or its ...
Mitigating denial of service attacks: a tutorial
This tutorial describes what Denial of Service (DOS) attacks are. how they can be carried out in IP networks, and how one can defend against them. Distributed DoS (DDoS) attacks are included here as a subset of DoS attacks. A DoS attack has two phases: ...
Comments