Cooperative Defense against Network Attacks

Guangsen Zhang, Manish Parashar

2005

Abstract

Distributed denial of service (DDoS) attacks on the Internet have become an immediate problem. As DDoS streams do not have common characteristics, currently available intrusion detection systems (IDS) cannot detect them accurately. As a result, defending against DDoS attacks based on currently available IDS will dramatically affect legitimate traffic. In this paper, we propose a distributed approach to defend against distributed denial of service attacks by coordinating across the Internet. Unlike traditional IDS, we detect and stop DDoS attacks within the intermediate network. In the proposed approach, DDoS defense systems are deployed in the network to detect DDoS attacks independently. A gossip-based communication mechanism is used to exchange information about network attacks between these independent detection nodes to aggregate information about the overall network attacks observed. Using the aggregated information, the individual defense nodes have approximate information about global network attacks and can stop them more effectively and accurately. To provide reliable, rapid and widespread dissemination of attack information, the system is built as a peer-to-peer overlay network on top of the Internet.



Paper Citation


in Harvard Style

Zhang G. and Parashar M. (2005). Cooperative Defense against Network Attacks. In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 113-122. DOI: 10.5220/0002575901130122


in Bibtex Style

@conference{wosis05,
author={Guangsen Zhang and Manish Parashar},
title={Cooperative Defense against Network Attacks},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={113-122},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002575901130122},
isbn={972-8865-25-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)
TI - Cooperative Defense against Network Attacks
SN - 972-8865-25-2
AU - Zhang G.
AU - Parashar M.
PY - 2005
SP - 113
EP - 122
DO - 10.5220/0002575901130122