Volume 30 Issue 11
Nov.  2004
Su Heng, Ju Jiubin. Method of cooperative detecting DDoS attacks across multiple domains[J]. Journal of Beijing University of Aeronautics and Astronautics, 2004, 30(11): 1106-1110. (in Chinese)

Method of cooperative detecting DDoS attacks across multiple domains

  • Received Date: 25 Jun 2004
  • Publish Date: 30 Nov 2004
  • To prevent DDoS (distributed denial of service) attacks effectively, a cooperative detection model was proposed based on cooperation among the IDSs (intrusion detection systems) distributed across multiple administrative domains. Surrounding some valuable network assets, an enclosed defense ring was set up that consists of 〈IDS, Router〉 pairs, with each IDS monitoring the traffic of a specific router. The IDSs residing in the ring were allotted to a cooperation group. Through information exchange and alert correlation within the group, the signatures of DDoS attacks aimed at the network assets could be captured in time, before the overwhelming attack flood aggregates. The construction method of cooperation rings, the information exchange mode, the alert correlation method and the infrastructure of the cooperative IDS entity were proposed. Some experiments were conducted with the MDCI (multiple domains cooperative intrusion-detection) system, a prototype system. Results show that the prototype improves detection performance effectively.
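
The ring-level correlation idea in the abstract, as an added illustration (not code from the paper or the MDCI prototype): each 〈IDS, Router〉 pair reports the packet rate it sees toward an asset, and the group raises an alert when the summed rate is suspicious even though no single IDS crosses its own threshold. The thresholds, report format and names (`correlate`, `SAMPLE`) are assumptions, since the abstract gives none.

```python
from collections import defaultdict

# Assumed values for this illustration; the abstract states no thresholds.
LOCAL_ALERT_RATE = 1000   # pkts/s toward one asset at which a lone IDS would alert
RING_ALERT_RATE = 1500    # pkts/s toward one asset, summed over the cooperation group
MIN_REPORTERS = 3         # distinct <IDS, Router> pairs that must see the traffic

def correlate(reports):
    """Correlate one time window of reports exchanged inside a cooperation group.

    reports: iterable of (ids_name, router, asset_ip, pkts_per_s).
    Returns {asset_ip: verdict} for assets whose ring-wide rate is suspicious.
    """
    per_asset = defaultdict(dict)
    for ids_name, router, asset, rate in reports:
        pair = (ids_name, router)
        per_asset[asset][pair] = per_asset[asset].get(pair, 0) + rate

    alerts = {}
    for asset, by_pair in per_asset.items():
        total = sum(by_pair.values())
        reporters = [p for p, r in by_pair.items() if r > 0]
        # Pairs that would already have alerted without any cooperation.
        local = sorted(p for p, r in by_pair.items() if r >= LOCAL_ALERT_RATE)
        # Distributed signature: high aggregate rate arriving over many paths.
        if total >= RING_ALERT_RATE and len(reporters) >= MIN_REPORTERS:
            alerts[asset] = {
                "total_rate": total,
                "reporters": len(reporters),
                "local_alerts": local,
                "found_only_by_correlation": not local,
            }
    return alerts

# Constructed sample window: four pairs on the ring around asset 10.0.0.5.
SAMPLE = [
    ("ids-a", "r1", "10.0.0.5", 450),
    ("ids-b", "r2", "10.0.0.5", 500),
    ("ids-c", "r3", "10.0.0.5", 480),
    ("ids-d", "r4", "10.0.0.5", 300),
    ("ids-a", "r1", "10.0.0.9", 1200),  # one busy path, not a distributed flow
    ("ids-b", "r2", "10.0.0.9", 20),
]

if __name__ == "__main__":
    for asset, verdict in correlate(SAMPLE).items():
        print(asset, verdict)
```

In the sample, 10.0.0.5 is flagged only because the group pools its reports, while 10.0.0.9 trips one local threshold but does not match the distributed pattern.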

     

