Distributed change-point detection of DDoS attacks: experimental results on DETER testbed

Authors:
Yu Chen;Kai Hwang;Wei-Shinn Ku
Affiliations:
Department of Electrical and Computer Engineering, SUNY, Binghamton, NY;Department of Electrical Engineering, University of Southern California, Los Angeles, CA;Dept. of Computer Science and Software Engineering, Auburn University, Auburn, AL
Venue:
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Year:
2007

Citing 16
Cited 1

Abstraction-based intrusion detection in distributed environments

ACM Transactions on Information and System Security (TISSEC)
IP Traceback: A New Denial-of-Service Deterrent?

IEEE Security and Privacy
Self-configuring network traffic generation

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Change-Point Monitoring for the Detection of DoS Attacks

IEEE Transactions on Dependable and Secure Computing
Perimeter-Based Defense against High Bandwidth DDoS Attacks

IEEE Transactions on Parallel and Distributed Systems
D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks

IEEE Transactions on Dependable and Secure Computing
Denial-of-Service Attack-Detection Techniques

IEEE Internet Computing
On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks

IEEE Transactions on Parallel and Distributed Systems
DDoS defense by offense

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis

Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
MULTOPS: a data-structure for bandwidth attack detection

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes

IEEE Transactions on Dependable and Secure Computing
Collaborative Detection of DDoS Attacks over Multiple Network Domains

IEEE Transactions on Parallel and Distributed Systems
Detecting distributed denial of service attacks by sharing distributed beliefs

ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Benchmarks for DDoS defense evaluation

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications

Anomaly-Based intrusion detection algorithms for wireless networks

WWIC'10 Proceedings of the 8th international conference on Wired/Wireless Internet Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

It is highly desired to detect the DDoS flooding attacks at an early stage in order to launch effective countermeasures timely. We have developed a distributed change-point detection scheme to detect flooding type DDoS attacks over multiple network domains. The approach is to monitor the spatiotemporal pattern of the attack traffic. We have simulated the new defense system on the DETER testbed. The new scheme is proven scalable to cover hundreds of ISP-controlled network domains. With 4 network domains working collaboratively, we achieved on the DETER testbed a 98% detection rate with less than 1% false alarms.