Collaborative detection of DDoS attacks over multiple network domains

IEEE Transactions on Parallel and Distributed Systems

Volumn 18, Issue 12, 2007, Pages 1649-1662

  Chen, Yu ^a   Hwang, Kai ^b   Ku, Wei Shinn ^c  

^a State University of New York at Binghamton   (United States)

^b University of Southern California ^*  (United States)

^c AUBURN UNIVERSITY   (United States)

Author keywords

Cyber defense; DDoS attacks; Internet technology; Network security

Indexed keywords

COMPUTER SYSTEM FIREWALLS; DISTRIBUTED COMPUTER SYSTEMS; GATEWAYS (COMPUTER NETWORKS); INTERNET PROTOCOLS; INTERNET SERVICE PROVIDERS; ROUTERS;

CHANGE AGGREGATION TREES; CYBER DEFENSE; DISTRIBUTED CHANGE-POINT DETECTION; SECURE INFRASTRUCTURE PROTOCOL;

NETWORK SECURITY;

EID: 36348929372     PISSN: 10459219     EISSN: None     Source Type: Journal    
DOI: 10.1109/TPDS.2007.1111     Document Type: Article

References (43)

1. H. Aljifri, "IP Traceback: A New Denial-of-Service Deterrent," IEEE Security and Privacy, pp. 24-31, May/June 2003.
2. T. Anderson et al., "Rocketfuel: An ISP Topology Mapping Engine," http://www.cs.washington.edu/research/networking/ rocketfuel/, 2006.
3. S. Bellovin, J. Schiller, and C. Kaufman, Security Mechanism for the Internet, IETF RFC 3631, 2003.
4. T. Benzel et al., "Experience with DETER: A Testbed for Security Research," Proc. Second IEEE Conf. Testbeds and Research Infra-structures for the Development of Networks and Communities (TridentCom '06), 2006.
5. R. Blazek et al., "A Novel Approach to Detection of DoS Attacks via Adaptive Sequential and Batch-Sequential Change-Point Detection Methods," Proc. IEEE Workshop Information Assurance and Security, June 2001.
6. M. Cai, K. Hwang, J. Pan, and C. Papadupolous, "WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation," IEEE Trans. Dependable and Secure Computing, vol. 4, no. 2, Apr./June 2007.
7. G. Carl, G. Kesidis, R. Brooks, and S. Rai, "Denial-of-Service Attack Detection Techniques," IEEE Internet Computing, Jan./Feb. 2006.
8. A. Chakrabarti and G. Manimaran, "Internet Infrastructure Security: A Taxonomy," IEEE Network, Nov. 2002.
9. S. Chen and Q. Song, "Perimeter-Based Defense against High Bandwidth DDoS Attacks," IEEE Trans. Parallel and Distributed Systems, vol. 16, no. 6, June 2005.
10. Y. Chen and K. Hwang, "Collaborative Detection and Filtering of Shrew DDoS Attacks Using Spectral Analysis," J. Parallel and Distributed Computing, special issue on security in grids and distributed systems, pp. 1137-1151, Sept. 2006.
11. Y. Chen and K. Hwang, "Collaborative Change Detection of DDoS Attacks on Community and ISP Networks," Proc. IEEE Int'l Symp. Collaborative Technologies and Systems (CTS '06), May 2006.
12. X. Dimitropoulos, D. Krioukov, G. Riley, and K. Claffy, "Revealing the Autonomous System Taxonomy: The Machine Learning Approach," Proc. Passive and Active Measurement Workshop (PAM '06), 2006.
13. D. Dittrich, "The "Stacheldraft" Distributed Denial of Service Attack Tool," http://staff.washington.edu/dittrich/, 2000.
14. M. Faloutsos, C. Faloutsos, and P. Faloutsos, "On Power-Law Relationships of the Internet Topology," Proc. ACM SIGCOMM '99, Aug. 1999.
15. V. Fuller, T. Li, J. Yu, and K. Varadhan, Classless Inter-Domain Routing (CIDR): An Address Assignment and Aggregation Strategy, IETF RFC 1519, 1993.
16. T. Gil and M. Poletto, "MULTOPS: A Data-Structure for Bandwidth Attack Detection," Proc. 10th Usenix Security Symp., Aug. 2001.
17. K. Houle et al., "Trends in Denial of Service Attack Technology," www.cert.org/archive/pdf/, 2001.
18. A. Hussain, J. Heidemann, and C. Papadopoulos, "Identification of Repeated Denial of Service Attacks," Proc. INFOCOM '06, Apr. 2006.
19. K. Hwang, M. Cai, Y. Chen, and M. Qin, "Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes," IEEE Trans. Dependable and Secure Computing, vol. 4, no. 1, pp. 41-55, Jan.-Mar. 2007.
20. J. Joannidis and S.M. Bellovin, "Implementing Pushback: Router-Based Defense against DDoS Attacks," Proc. Network and Distributed System Security Symp. (NDSS '02), Feb. 2002.
21. ISO 3166 Report, "AS Resource Allocations," http://bgp.potaroo.net/iso3166/ascc.html, 2006.
22. H. Jiang and C. Dovrolis, "Why Is the Internet Traffic Bursty in Short Time Scales," Proc. ACM SIGMETRICS '05, June 2005.
23. J. Jung, B. Krishnamurthy, and M. Rabinovich, "Flash Crowds and Denial-of-Service Attacks: Characterization and Implications for CDNs and Web Sites," Proc. 11th Int'l World Wide Web Conf. (WWW'02 , 2002.
24. S. Kandula, D. Katabi, M. Jacob, and A. Berger, "Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds," Proc. Second Symp. Networked Systems Design and Implementation (NSDI '05), May 2005.
25. S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, IETF RFC 2401, 1998.
26. Y. Kim, W.C. Lau, M.C. Chuah, and H.J. Chao, "PacketScore: Statistics-Based Overload Control against Distributed Denial of Service Attacks," Proc. INFOCOM '04, 2004.
27. T. Law, J. Lui, and D. Yau, "You Can Run, But You Can't Hide: An Effective Statistical Methodology to Trace Back DDoS Attackers," IEEE Trans. Parallel and Distributed Systems, Sept. 2005.
28. R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," Computer Comm. Rev., July 2002.
29. J. Mirkovic and P. Reiher, "D-WARD: A Source-End Defense against Flooding DoS Attacks," IEEE Trans. Dependable and Secure Computing pp. 216-232, July 2005.
30. T. Monk and K. Claffy, "Cooperation in Internet Data Acquisition and Analysis," Proc. Coordination and Administration of the Internet Workshop, (CAIDA Project), http://www.caida.org/, Sept. 1996.
31. D. Moore, G. Voelker, and S. Savage, "Inferring Internet Denial-of-Service Activity," Proc. 10th Usenix Security Symp., 2001.
32. P. Ning, S. Jajodia, and X.S. Wang, "Abstraction-Based Intrusion Detection in Distributed Environment," ACM Trans. Information and System Security, pp. 407-452, Nov. 2001.
33. C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, "COSSACK: Coordinated Suppression of Simultaneous Attacks," Proc. Third DARPA Information Survivability Conf. and Exposition (DISCEX-III '03), pp. 2-13, 2003.
34. T. Peng, C. Leckie, and K. Ramamohanarao, "Detecting Distributed Denial of Service Attacks by Sharing Distributed Beliefs," Proc. Eighth Australasian Conf. Information Security and Privacy (ACISP '03 , July 2003.
35. J. Postel, Internet Control Message Protocol, IETF RFC 792, 1981.
36. S. Ranjan, R. Swaminathan, M. Uysal, and E. Knightly, "DDoS-Resilient Scheduling to Counter Application Layer Attacks under Imperfect Detection," Proc. INFOCOM '06, Apr. 2006.
37. T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K.E. Seamons, "Adaptive Trust Negotiation and Access Control," Proc. ACM Symp. Access Control Models and Technologies (SACMAT '05), June 2005.
38. G. Siganos, M. Faloutsos, P. Faloutsos, and C. Faloutsos, "Power-Laws and the AS-Level Internet Topology," ACM/IEEE Trans. Networking, pp. 514-524, Aug. 2003.
39. S.M. Specht and R.B. Lee, "Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures," Proc. 17th Int'l Conf. Parallel and Distributed Computing Systems (PDCS '04), Sept. 2004.
40. J. Sommers and P. Barford, "Self-Configuring Network Traffic Generation," Proc. ACM Internet Measurement Conf. (IMC '04), Oct. 2004.
41. M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker, "DDoS Defense by Offense," Proc. ACM SIGCOMM '06, Sept. 2006.
42. H. Wang, D. Zhang, and K. Shin, "Change-Point Monitoring for the Detection of DoS Attacks," IEEE Trans. Dependable and Secure Computing, vol. 1, Oct.-Dec. 2004.
43. X. Wang, S. Chellappan, P. Boyer, and D. Xuan, "On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks," IEEE Trans. Parallel and Distributed Systems, vol. 17, no. 7, July 2006.