Detecting distributed denial of service attacks by sharing distributed beliefs

Authors:
Tao Peng;Christopher Leckie;Kotagiri Ramamohanarao
Affiliations:
ARC Special Research Center for Ultra-Broadband Information Networks, Department of Electrical and Electronic Engineering, The University of Melbourne, Victoria, Australia;ARC Special Research Center for Ultra-Broadband Inf. Networks, Dept. of Electrical and Electronic Eng., The Univ. of Melbourne, Victoria, Australia and Dept. of Computer Sci. and Software Eng., Th ...;ARC Special Research Center for Ultra-Broadband Inf. Networks, Dept. of Electrical and Electronic Eng., The Univ. of Melbourne, Victoria, Australia and Dept. of Computer Sci. and Software Eng., Th ...
Venue:
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Year:
2003

Citing 6
Cited 9

Detection of abrupt changes: theory and application

Detection of abrupt changes: theory and application
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites

Proceedings of the 11th international conference on World Wide Web
Learning to Share Distributed Probabilistic Beliefs

ICML '02 Proceedings of the Nineteenth International Conference on Machine Learning
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
MULTOPS: a data-structure for bandwidth attack detection

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Internet infrastructure security: a taxonomy

IEEE Network: The Magazine of Global Internetworking

One step ahead to multisensor data fusion for DDoS detection

Journal of Computer Security - Special issue on security track at ACM symposium on applied computing 2004
Information sharing for distributed intrusion detection systems

Journal of Network and Computer Applications
Collaborative Detection of DDoS Attacks over Multiple Network Domains

IEEE Transactions on Parallel and Distributed Systems
Distributed change-point detection of DDoS attacks: experimental results on DETER testbed

DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Defending DDoS attacks using hidden Markov models and cooperative reinforcement learning

PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Highspeed and flexible source-end DDoS protection system using IXP2400 network processor

IPOM'07 Proceedings of the 7th IEEE international conference on IP operations and management
Review: Analyzing well-known countermeasures against distributed denial of service attacks

Computer Communications
FireCol: a collaborative protection network for the detection of flooding DDoS attacks

IEEE/ACM Transactions on Networking (TON)
Dual-Level Attack Detection, Characterization and Response for Networks Under DDoS Attacks

International Journal of Mobile Computing and Multimedia Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a distributed approach to detect distributed denial of service attacks by monitoring the increase of new IP addresses. Unlike previous proposals for bandwidth attack detection schemes which are based on monitoring the traffic volume, our scheme is very effective for highly distributed denial of service attacks. Our scheme exploits an inherent feature of DDoS attacks, which makes it hard for the attacker to counter this detection scheme by changing their attack signature. Our scheme uses a sequential nonparametric change point detection method to improve the detection accuracy without requiring a detailed model of normal and attack traffic. In a multi-agent scenario, we show that by sharing the distributed beliefs, we can improve the detection efficiency.