Why we don't know how to simulate the Internet
Proceedings of the 29th conference on Winter simulation
Intrusion detection using autonomous agents
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
IBAN: Intrusion Blocker Based on Active Networks
DANCE '02 Proceedings of the 2002 DARPA Active Networks Conference and Exposition
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Denial-of-Service Attack-Detection Techniques
IEEE Internet Computing
Collaborating against common enemies
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
LADS: large-scale automated DDOS detection system
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Controlled flooding search in a large network
IEEE/ACM Transactions on Networking (TON)
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
Anomaly-based identification of large-scale attacks
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
An extensible and flexible system for network anomaly detection
AN'06 Proceedings of the First IFIP TC6 international conference on Autonomic Networking
Controlled Chaos [Internet Security]
IEEE Spectrum
Network intrusion and fault detection: a statistical anomaly approach
IEEE Communications Magazine
Collaborative anomaly-based attack detection
IWSOS'07 Proceedings of the Second international conference on Self-Organizing Systems
Trustworthy placements: Improving quality and resilience in collaborative attack detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
The Internet infrastructure and Internet-based business today still suffer from various attacks like Distributed Denial-of-Service (DDoS) attacks or worm propagations. A necessary first step in order to cope with such large-scale attacks is to provide an Internet-wide detection of such ongoing attacks, i.e., a detection that is not limited to single detection systems only. Therefore, collaborative detection systems were developed in the past. They, however, often rely on close trust relationships, which only rarely are available in the Internet. This means that the scope of detection is limited to only a small part of the Internet, mostly to a single administrative domain. This paper, therefore, introduces our newly developed collaborative attack detection that facilitates collaboration beyond domain boundaries without requiring close trust relationships. In-network detection systems are explicitly considered, too. Such systems are located on routers in the core of the Internet and are characterized by limited resources available for detection. Finally, a detailed simulative evaluation of our proposed solution is presented.