Decentralized information sharing for detection and protection against network attacks

  • Authors: Manish Parashar; Guangsen Zhang
  • Affiliations: Rutgers, The State University of New Jersey - New Brunswick (both authors)
  • Venue: Decentralized information sharing for detection and protection against network attacks (thesis)
  • Year: 2006

Abstract

Over the last two decades the computing infrastructure has grown dramatically in size, functionality and complexity, and has become an integral part of our lives. However, its pervasiveness and increased visibility have also made it vulnerable and a target of malicious attacks. Current attacks such as distributed denial of service (DDoS) and Internet worms are highly distributed, well-coordinated, offensive assaults on services, hosts, and the infrastructure of the Internet, and can have disastrous effects including financial losses and disruption of essential services. As a result, protecting the computing infrastructure from such attacks has become a critical issue that needs to be urgently addressed. In this thesis, we investigate techniques for decentralized cooperative attack detection and countermeasures. Our objective is to enable early and accurate detection of, and reaction to, attacks in the network. The key underlying concept is the use of scalable decentralized epidemic algorithms for information sharing and for achieving quasi-global knowledge of network attacks. Our proposed distributed framework for network infrastructure protection builds on a self-managing, robust and resilient peer-to-peer overlay composed of local detection and protection agents that are placed at "strategic" locations in the Internet, such as domain gateways. These agents non-intrusively monitor the immediate network around them for possible attacks. Locally detected network anomalies are used to generate attack alert messages, which are disseminated across the network using gossip mechanisms. A decentralized cooperative detection algorithm aggregates these alert messages to estimate a quasi-global view of the anomalous network behavior, and to detect and react to attacks both early and effectively. This thesis first presents a conceptual model that defines the relationship between the level of knowledge in the distributed system and attack detection accuracy. The analysis presented demonstrates the feasibility and effectiveness of gossip-based communication mechanisms for cooperative attack detection. A prototype simulation of the framework and its key concepts is presented and applied to detect and defend against DDoS attacks and Internet worms. Results from this simulation demonstrate that the proposed approach is feasible and effective against network attacks.
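The abstract describes the mechanism in outline only: agents at gateways raise local alerts, the alerts spread by gossip, and each agent aggregates what it has heard into a quasi-global view that drives detection. The simulation below is an added illustration of that loop and is not the thesis's own prototype or code. It assumes a synchronous push-gossip protocol with a fixed fanout, a detection rule that fires when a threshold fraction of all agents has reported the same alert signature, and a constructed alert format (agent id plus a signature string); the agent count, fanout, threshold, and seed are arbitrary choices. It tracks two quantities per round, the mean fraction of outstanding alerts each agent knows (level of knowledge) and the fraction of agents whose rule has fired (detection), which is the relationship the thesis's conceptual model is about.

```python
from __future__ import annotations

import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """Attack alert message generated by a local agent (constructed format)."""
    source: int      # id of the agent whose local monitor saw the anomaly
    signature: str   # what it saw, e.g. a flooded destination prefix


class Agent:
    """One local detection/protection agent (think: a domain gateway)."""

    def __init__(self, aid: int, n_agents: int, threshold: float) -> None:
        self.aid = aid
        self.n_agents = n_agents
        self.threshold = threshold        # assumed rule: fraction of agents that must report
        self.known: set[Alert] = set()    # alerts seen so far, local and gossiped

    def observe(self, signature: str) -> None:
        """Local anomaly detection fired: emit an alert about what we saw."""
        self.known.add(Alert(self.aid, signature))

    def receive(self, alerts: set[Alert]) -> None:
        """Merge alerts pushed by a peer; the set union drops duplicates."""
        self.known |= alerts

    def view(self, signature: str) -> float:
        """Quasi-global estimate: fraction of all agents known to report `signature`."""
        sources = {a.source for a in self.known if a.signature == signature}
        return len(sources) / self.n_agents

    def detects(self, signature: str) -> bool:
        """Cooperative detection: enough distinct agents corroborate the alert."""
        return self.view(signature) >= self.threshold


def gossip_round(agents: list[Agent], fanout: int, rng: random.Random) -> None:
    """One synchronous push round: every agent forwards all alerts it knows to
    `fanout` random peers. Pushes use the start-of-round state, so an alert
    travels at most one hop per round."""
    snapshot = [set(a.known) for a in agents]
    k = min(fanout, len(agents) - 1)
    for agent, alerts in zip(agents, snapshot):
        if not alerts:
            continue
        for peer in rng.sample([p for p in agents if p is not agent], k):
            peer.receive(alerts)


def simulate(n_agents: int = 40, n_observers: int = 10, fanout: int = 3,
             threshold: float = 0.2, signature: str = "syn-flood:203.0.113.0/24",
             seed: int = 7, max_rounds: int = 60) -> dict:
    """Run gossip until every agent knows every alert (or max_rounds).

    Returns the per-round trajectory of (round, knowledge, detected): knowledge
    is the mean fraction of the observers' alerts each agent holds, detected is
    the fraction of agents whose threshold rule has fired. Also returns the first
    round at which knowledge and detection became global (None if never).
    """
    rng = random.Random(seed)
    agents = [Agent(i, n_agents, threshold) for i in range(n_agents)]
    for observer in rng.sample(agents, n_observers):
        observer.observe(signature)       # only some gateways see it locally

    def knowledge_of(agent: Agent) -> float:
        if n_observers == 0:
            return 1.0                    # nothing to learn
        seen = {a.source for a in agent.known if a.signature == signature}
        return len(seen) / n_observers

    trajectory = []
    full_knowledge_round = all_detect_round = None
    for rnd in range(1, max_rounds + 1):
        gossip_round(agents, fanout, rng)
        knowledge = sum(knowledge_of(a) for a in agents) / n_agents
        detected = sum(a.detects(signature) for a in agents) / n_agents
        trajectory.append((rnd, knowledge, detected))
        if all_detect_round is None and detected == 1.0:
            all_detect_round = rnd
        if knowledge == 1.0:
            full_knowledge_round = rnd
            break
    return {"trajectory": trajectory,
            "full_knowledge_round": full_knowledge_round,
            "all_detect_round": all_detect_round}


if __name__ == "__main__":
    result = simulate()
    for rnd, knowledge, detected in result["trajectory"]:
        print(f"round {rnd:2d}  knowledge={knowledge:.2f}  detected={detected:.2f}")
    print("all agents detected at round", result["all_detect_round"])
```

Two things the run makes visible. First, detection is global several rounds before knowledge is: an agent fires as soon as it has heard from a threshold's worth of distinct sources, so it does not need the complete set of alerts, which is the sense in which a quasi-global view is enough. Second, the threshold is what separates corroboration from noise: rerunning with fewer observers than the threshold (for example `simulate(n_observers=4)`) lets every alert reach every agent without any agent declaring an attack. The example leaves out what a deployment cannot: alerts here are unauthenticated and unbounded, so a single misbehaving peer could forge enough distinct source ids to cross the threshold; origin authentication of alert messages and per-source rate limits are assumptions a real agent would need, not something this sketch provides.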