Method of cooperative detecting DDoS attacks across multiple domains
Abstract (translated from the Chinese): To defend effectively against DDoS (Distributed Denial of Service) attacks, an attack detection model is proposed that is based on cooperation among the IDSs (Intrusion Detection Systems) of multiple domains. Around important network resources, a closed IDS cooperation ring built from 〈router, IDS〉 pairs is constructed; through information sharing among the nodes on the ring and alert correlation analysis within the cooperation group, the attack signatures can be captured and countermeasures taken before the DDoS attack packets converge into a fatal attack flow. The organization of the cooperation ring, the exchange mode for shared information, the alert correlation algorithm and the logical structure of each node's system are presented. DDoS attack experiments were carried out with the prototype MDCI (Multiple Domains Cooperative Intrusion-detection) system; analysis of the experimental data shows that the cooperation ring model effectively improves the early-warning speed of the IDS against DDoS attacks.

Abstract (English): To prevent DDoS (distributed denial of service) attacks effectively, a cooperative detection model was proposed based on the cooperation among the IDSs (intrusion detection systems) distributed in multiple administrative domains. Surrounding some valuable network assets, an enclosed defense ring was set up that consists of 〈IDS, Router〉 pairs, with each IDS monitoring the traffic of a specific router. The IDSs residing in the ring were allotted to a cooperation group. With information exchange and alert correlation within the group, the signatures of DDoS attacks aimed at the network assets could be captured in time, before the overwhelming attack flooding aggregates. The construction method of cooperation rings, the information exchange mode, the alert correlation method and the infrastructure of the cooperative IDS entity were proposed. Some experiments were conducted with the MDCI (multiple domains cooperative intrusion-detection) system, a prototype system. Results show that the prototype improves detection performance effectively.
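The abstract's central point is that a DDoS flood is assembled from partial flows that individually look harmless at any one router, so an IDS acting alone cannot raise an alarm until the aggregate has already arrived at the asset. The following added example (not code from the paper or the MDCI prototype; the paper's own correlation algorithm is not given on this page) illustrates that idea with a toy group-level correlator: every ring node contributes a local per-asset rate report, and the group sums the reports across distinct nodes. The node names, thresholds, asset addresses and source prefixes are constructed for the example.

```python
"""Toy cooperative alert correlation across a ring of <router, IDS> pairs.

Illustrative code only; it is not the MDCI prototype's algorithm. Every
identifier, threshold and sample value below is constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LocalAlert:
    """A rate report emitted by one IDS on the ring (hypothetical schema)."""
    node: str        # id of the <router, IDS> pair that produced the report
    asset: str       # protected asset the observed traffic is heading to
    src_prefix: str  # aggregated source prefix seen at that node
    pps: int         # packets per second toward the asset at that node


# Constructed sample: four ring nodes each see a modest share of a flood
# aimed at 10.0.0.5, plus unrelated low-rate traffic toward 10.0.0.9.
SAMPLE_ALERTS = [
    LocalAlert("ids-A", "10.0.0.5", "198.51.100.0/24", 4000),
    LocalAlert("ids-B", "10.0.0.5", "203.0.113.0/24", 3500),
    LocalAlert("ids-C", "10.0.0.5", "192.0.2.0/24", 4200),
    LocalAlert("ids-D", "10.0.0.5", "198.51.100.0/24", 3000),
    LocalAlert("ids-A", "10.0.0.9", "192.0.2.0/24", 800),
]

LOCAL_THRESHOLD_PPS = 5000   # rate a single IDS would need before alarming alone
GROUP_THRESHOLD_PPS = 10000  # aggregate toward one asset the group treats as a flood
MIN_NODES = 2                # require corroboration from at least this many nodes


def local_verdicts(alerts):
    """What each IDS would conclude on its own, without the cooperation group."""
    return {(a.node, a.asset): a.pps >= LOCAL_THRESHOLD_PPS for a in alerts}


def correlate(alerts, group_threshold=GROUP_THRESHOLD_PPS, min_nodes=MIN_NODES):
    """Group-level correlation: sum per-asset rates reported by distinct ring nodes.

    Returns a dict asset -> early-warning record for every asset whose
    aggregate rate crosses the group threshold and is corroborated by at
    least `min_nodes` different nodes (a single noisy node cannot trigger it).
    """
    per_asset_pps = defaultdict(int)
    per_asset_nodes = defaultdict(set)
    per_asset_prefixes = defaultdict(set)
    for a in alerts:
        per_asset_pps[a.asset] += a.pps
        per_asset_nodes[a.asset].add(a.node)
        per_asset_prefixes[a.asset].add(a.src_prefix)

    warnings = {}
    for asset, pps in per_asset_pps.items():
        if pps >= group_threshold and len(per_asset_nodes[asset]) >= min_nodes:
            warnings[asset] = {
                "aggregate_pps": pps,
                "nodes": sorted(per_asset_nodes[asset]),
                "src_prefixes": sorted(per_asset_prefixes[asset]),
            }
    return warnings


if __name__ == "__main__":
    # No single node crosses its local threshold ...
    print("local alarms:", [k for k, v in local_verdicts(SAMPLE_ALERTS).items() if v])
    # ... but the group sees 14700 pps converging on 10.0.0.5 from four nodes.
    print("group warnings:", correlate(SAMPLE_ALERTS))
```

Run stand-alone, the script shows no local alarms but one group warning for 10.0.0.5, which is the early-warning effect the abstract describes. The `min_nodes` corroboration requirement is a design choice for the example: it keeps one misconfigured or compromised ring node from forcing a group-wide reaction by itself, which matters once nodes sit in different administrative domains.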