STONE: a stream-based DDoS defense framework

Authors:
Mar Callau-Zori;Ricardo Jiménez-Peris;Vincenzo Gulisano;Marina Papatriantafilou;Zhang Fu;Marta Patiño-Martínez
Affiliations:
Universidad Politécnica de, Madrid, Spain;Universidad Politécnica de, Madrid, Spain;Universidad Politécnica de, Madrid, Spain;Chalmers University of Technology, Gothenburg, Sweden;Chalmers University of Technology, Gothenburg, Sweden;Universidad Politécnica de, Madrid, Spain
Venue:
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Year:
2013

Citing 12
Cited 0

A signal analysis of network traffic anomalies

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Sketch-based change detection: methods, evaluation, and applications

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Combining routing and traffic data for detection of IP forwarding anomalies

Proceedings of the joint international conference on Measurement and modeling of computer systems
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
On scalable attack detection in the network

IEEE/ACM Transactions on Networking (TON)
Anomaly detection: A survey

ACM Computing Surveys (CSUR)
Characteristic analysis of internet traffic from the perspective of flows

Computer Communications
StreamCloud: A Large Scale Data Streaming System

ICDCS '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems
ASTUTE: detecting a different class of traffic anomalies

Proceedings of the ACM SIGCOMM 2010 conference
On collection of large-scale multi-purpose datasets on internet backbone links

Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
CluB: a cluster based framework for mitigating distributed denial of service attacks

Proceedings of the 2011 ACM Symposium on Applied Computing
StreamCloud: An Elastic and Scalable Data Streaming System

IEEE Transactions on Parallel and Distributed Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

An effective Distributed Denial of Service (DDoS) defense mechanism must guarantee legitimate users access to an Internet service masking the effects of possible attacks. That is, it must be able to detect threats and discard malicious packets in a online fashion. Given that emerging data streaming technology can enable such mitigation in an effective manner, in this paper we present STONE, a stream-based DDoS defense framework, which integrates anomaly-based DDoS detection and mitigation with scalable data streaming technology. With STONE, the traffic of potential targets is analyzed via continuous data streaming queries maintaining information used for both attack detection and mitigation. STONE provides minimal degradation of legitimate users traffic during DDoS attacks and it also faces effectively flash crowds. Our preliminary evaluation based on an implemented prototype and conducted with real legitimate and malicious traffic traces shows that STONE is able to provide fast detection and precise mitigation of DDoS attacks leveraging scalable data streaming technology.