Protecting web servers from distributed denial of service attacks
Proceedings of the 10th international conference on World Wide Web
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
DDoS detection and traceback with decision tree and grey relational analysis
International Journal of Ad Hoc and Ubiquitous Computing
A layered detection method for malware identification
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
FireCol: a collaborative protection network for the detection of flooding DDoS attacks
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
Adaptive techniques based on machine learning and data mining are gaining relevance in self-management and self-defense for networks and distributed systems. In this paper, we focus on early detection and stopping of distributed flooding attacks and network abuses. We extend the framework proposed by Zhang and Parashar (2006) to cooperatively detect and react to abnormal behaviors before the target machine collapses and network performance degrades. In this framework, nodes in an intermediate network share information about their local traffic observations, improving their global traffic perspective. In our proposal, we add to each node the ability of learning independently, therefore reacting differently according to its situation in the network and local traffic conditions. In particular, this frees the administrator from having to guess and manually set the parameters distinguishing attacks from non-attacks: now such thresholds are learned and set from experience or past data. We expect that our framework provides a faster detection and more accuracy in front of distributed flooding attacks than if static filters or single-machine adaptive mechanisms are used. We show simulations where indeed we observe a high rate of stopped attacks with minimum disturbance to the legitimate users.