INVESTIGATION OF COOPERATIVE DEFENSE AGAINST DDOS

Igor Kotenko, Alexander Ulanov

Abstract

The paper considers a new approach and a simulation environment which have been developed for comprehensive investigation of Internet Distributed Denial of Service attacks and defense. The main peculiarities of the approach and environment are as follows: agent-oriented framework to attack and defense investigation, packet-based simulation, and capability to add new attacks and defense methods and analyze them. The main components of the simulation environment are specified. Using the approach suggested and the environment implemented we evaluate and compare several cooperative defense mechanisms against DDoS (DefCOM, COSSACK, and our own mechanism based on full cooperation). The testing methodology for defense investigation is described, and the results of experiments are presented.

References

  1. Keromytis, A., Misra, V., Rubenstein, D., 2002. SOS: Secure Overlay Services. In Proceedings of ACM SIGCOMM'02, Pittsburgh, PA.
  2. Kotenko, I., Ulanov A., 2006. Simulation of Internet DDoS Attacks and Defense. In Proc. of ISC 2006. Samos, Greece. LNCS, Vol. 4176.
  3. Mankins, D., Krishnan, R., Boyd, C., Zao, J., Frentz, M., 2001. Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing. In Proceedings of the 17th Annual Computer Security Applications Conference. ACSAC'01.
  4. Mirkovic, J., Robinson, M., Reiher, P., Oikonomou, G., 2005. Distributed Defense Against DDOS Attacks. In University of Delaware CIS Department Technical Report CIS-TR-2005-02.
  5. Papadopoulos, C., Lindell, R., Mehringer, I., Hussain, A., Govindan, R. 2003. Cossack: Coordinated suppression of simultaneous attacks. In Proceedings of DISCEX III.
  6. Sangpachatanaruk, C., Khattab, S.M., Znati, T., Melhem, R., Mosse, D., 2004. Design and Analysis of a Replicated Elusive Server Scheme for Mitigating Denial of Service Attacks. In Journal of Systems and Software, Vol.73(1).
  7. Wang, H., Shin, K.G., 2003. Transport-aware IP Routers: A Built-in Protection Mechanism to Counter DDoS Attacks. In IEEE Transactions on Parallel and Distributed Systems, Vol.14(9).
  8. Xuan, D., Bettati, R., Zhao, W., 2001. A Gateway-Based Defense System for Distributed DoS Attacks in High Speed Networks. In Proceedings of the 2nd IEEE SMC Information Assurance Workshop, West Point, NY.
Download


Paper Citation


in Harvard Style

Kotenko I. and Ulanov A. (2007). INVESTIGATION OF COOPERATIVE DEFENSE AGAINST DDOS . In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 180-183. DOI: 10.5220/0002128801800183


in Bibtex Style

@conference{secrypt07,
author={Igor Kotenko and Alexander Ulanov},
title={INVESTIGATION OF COOPERATIVE DEFENSE AGAINST DDOS},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={180-183},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002128801800183},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - INVESTIGATION OF COOPERATIVE DEFENSE AGAINST DDOS
SN - 978-989-8111-12-8
AU - Kotenko I.
AU - Ulanov A.
PY - 2007
SP - 180
EP - 183
DO - 10.5220/0002128801800183