SIAM Journal on Applied Mathematics
Epidemic algorithms for replicated database maintenance
PODC '87 Proceedings of the sixth annual ACM Symposium on Principles of distributed computing
Principles of a computer immune system
NSPW '97 Proceedings of the 1997 workshop on New security paradigms
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
NetSTAT: a network-based intrusion detection system
Journal of Computer Security
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
Tradeoffs in probabilistic packet marking for IP traceback
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Code red worm propagation modeling and analysis
Proceedings of the 9th ACM conference on Computer and communications security
Code-Red: a case study on the spread and victims of an internet worm
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
ACM Transactions on Computer Systems (TOCS)
Knowledge and common knowledge in a distributed environment
PODC '84 Proceedings of the third annual ACM symposium on Principles of distributed computing
An Empirical Model of HTTP Network Traffic
INFOCOM '97 Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution
Gossip-Based Computation of Aggregate Information
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Gossip-based aggregation in large dynamic networks
ACM Transactions on Computer Systems (TOCS)
Countering Network Worms Through Automatic Patch Generation
IEEE Security and Privacy
Decentralized information sharing for detection and protection against network attacks
Decentralized information sharing for detection and protection against network attacks
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Autograph: toward automated, distributed worm signature detection
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A gossip-style failure detection service
Middleware '98 Proceedings of the IFIP International Conference on Distributed Systems Platforms and Open Distributed Processing
Proceedings of the First International Workshop on Data Dissemination for Large Scale Complex Critical Infrastructures
SMURFEN: a system framework for rule sharing collaborative intrusion detection
Proceedings of the 7th International Conference on Network and Services Management
An event-based platform for collaborative threats detection and monitoring
Information Systems
| Hi-index | 0.00 |
Network attacks, such as distributed denial of service (DDoS) and Internet worms, are highly distributed and well coordinated offensive assaults on services, hosts, and the infrastructure of the Internet, and can have disastrous effects including financial losses and disruption of essential services. Consequently, effective defensive countermeasures against these attacks must provide equally sophisticated and well coordinated mechanisms for monitoring, analysis, and response. In this paper, we investigate techniques for cooperative attack detection and countermeasures using decentralized information sharing. The key underlying idea is the use of epidemic algorithms to share attack information and achieve quasi-global knowledge about attack behaviors. This paper first presents a conceptual model that defines the relationships between the level of knowledge in the distributed system and the accuracy of attack detection. The design of a cooperative attack detection and defense framework is then presented, and its use for detecting and defending against DDoS attacks and Internet worms is described. Simulation results are presented to demonstrate the feasibility and effectiveness of the framework against these attacks.