Distributed Management Architecture for Cooperative Detection and Reaction to DDoS Attacks

Authors:
G. Koutepas;F. Stamatelopoulos;B. Maglaris
Affiliations:
Network Management and Optimal Design Laboratory, Electrical and Computer Engineering Department, National Technical University of Athens, Zografou, GR 157 80, Athens, Greece/ gkoutep@netm ...;Network Management and Optimal Design Laboratory, Electrical and Computer Engineering Department, National Technical University of Athens, Zografou, GR 157 80, Athens, Greece/ fotis@netmod ...;Network Management and Optimal Design Laboratory, Electrical and Computer Engineering Department, National Technical University of Athens, Zografou, GR 157 80, Athens, Greece/ maglaris@net ...
Venue:
Journal of Network and Systems Management
Year:
2004

Citing 9
Cited 5

Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
New directions in traffic measurement and accounting

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
Autonomic Response to Distributed Denial of Service Attacks

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Centertrack: an IP overlay network for tracking DoS floods

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine

Information Assurance: Dependability and Security in Networked Systems

Information Assurance: Dependability and Security in Networked Systems
Network Security: Know It All: Know It All

Network Security: Know It All: Know It All
Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet

Journal of Network and Systems Management
Detecting distributed network traffic anomaly with network-wide correlation analysis

EURASIP Journal on Advances in Signal Processing - Special issue on signal processing applications in network intrusion detection systems
FireCol: a collaborative protection network for the detection of flooding DDoS attacks

IEEE/ACM Transactions on Networking (TON)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a cooperative intrusion detection framework focused on countering Distributed Denial-of-Service (DDoS) attacks through the introduction of a distributed overlay early-warning network. Our goal is to minimize the detection and reaction time and automate responses, while involving as many networks as possible along the attack path. The proposed approach relies on building a “community” of trusted partners that will cooperate by exchanging security information so that inclusion in the attack path is detected locally and without traceback procedures. The main building block is the Cooperative anti-DDoS Entity, a modular software system deployed in each participating network domain that supports secure message exchanges and local responses tailored to individual sites' policies. We discuss the operation and the implementation of a prototype, and we provide a survey of the methodologies against DDoS and compare our approach to related work.