On power-law relationships of the Internet topology
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Abstraction-based intrusion detection in distributed environments
ACM Transactions on Information and System Security (TISSEC)
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
IP Traceback: A New Denial-of-Service Deterrent?
IEEE Security and Privacy
Power laws and the AS-level internet topology
IEEE/ACM Transactions on Networking (TON)
Self-configuring network traffic generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
Adaptive trust negotiation and access control
Proceedings of the tenth ACM symposium on Access control models and technologies
Why is the internet traffic bursty in short time scales?
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Perimeter-Based Defense against High Bandwidth DDoS Attacks
IEEE Transactions on Parallel and Distributed Systems
You Can Run, But You Can't Hide: An Effective Statistical Methodology to Trace Back DDoS Attackers
IEEE Transactions on Parallel and Distributed Systems
D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks
IEEE Transactions on Dependable and Secure Computing
Denial-of-Service Attack-Detection Techniques
IEEE Internet Computing
Collaborative Change Detection of DDoS Attacks on Community and ISP Networks
CTS '06 Proceedings of the International Symposium on Collaborative Technologies and Systems
On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks
IEEE Transactions on Parallel and Distributed Systems
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes
IEEE Transactions on Dependable and Secure Computing
WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation
IEEE Transactions on Dependable and Secure Computing
Detecting distributed denial of service attacks by sharing distributed beliefs
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Internet infrastructure security: a taxonomy
IEEE Network: The Magazine of Global Internetworking
Distributed change-point detection of DDoS attacks: experimental results on DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Large-scale evaluation of distributed attack detection
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
International Journal of Information and Computer Security
A novel DDOS attack defending framework with minimized bilateral damages
CCNC'10 Proceedings of the 7th IEEE conference on Consumer communications and networking conference
CluB: a cluster based framework for mitigating distributed denial of service attacks
Proceedings of the 2011 ACM Symposium on Applied Computing
Collaborative anomaly-based detection of large-scale internet attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Classification of UDP traffic for DDoS detection
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
Thwarting DDoS attacks in grid using information divergence
Future Generation Computer Systems
Detecting latent attack behavior from aggregated Web traffic
Computer Communications
Detecting denial of service by modelling web-server behaviour
Computers and Electrical Engineering
| Hi-index | 0.00 |
This paper presents a new distributed approach to detecting DDoS (distributed denial of services) flooding attacks at the traffic flow level. The new defense system is suitable for efficient implementation over the core networks operated by Internet service providers (ISP). At the early stage of a DDoS attack, some traffic fluctuations are detectable at Internet routers or at gateways of edge networks. We develop a distributed change-point detection (DCD) architecture using change aggregation trees (CAT). The idea is to detect abrupt traffic changes across multiple network domains at the earliest time. Early detection of DDoS attacks minimizes the flooding damages to the victim systems serviced by the provider.The system is built over attack-transit routers, which work together cooperatively. Each ISP domain has a CAT server to aggregate the flooding alerts reported by the routers. CAT domain servers collaborate among themselves to make the final decision. To resolve policy conflicts at different ISP domains, a new secure infrastructure protocol (SIP) is developed to establish the mutual trust or consensus. We simulated the DCD system up to 16 network domains on the DETER testbed, a 220-node PC cluster for Internet emulation experiments at USC Information Science Institute. Experimental results show that 4 network domains are sufficient to yield a 98% detection accuracy with only 1% false-postive alarms. Based on a 2006 Internet report on AS (autonomous system) domain distribution, we prove that this DDoS defense systrem can scale well to cover 84 AS domains. This security coverage is wide enough to safeguard most ISP core networks from real-life DDoS flooding attacks.