An on-line DDoS attack Traceback and Mitigation System based on network performance monitoring

Cited by: 0
Authors
Su, Wei-Tsung [1]
Lin, Tzu-Chieh [2]
Wu, Chun-Yi [3]
Hsu, Jang-Pong [3]
Kuo, Yau-Hwang [1]
Affiliations
[1] Natl Cheng Kung Univ, Dept Comp Sci & Informat Engn, CREDIT, Tainan 70101, Taiwan
[2] Acer Inc, New Taipei, Taiwan
[3] Adv Multimedia Internet Technol Inc, Tainan, Taiwan
Source
10TH INTERNATIONAL CONFERENCE ON ADVANCED COMMUNICATION TECHNOLOGY, VOLS I-III: INNOVATIONS TOWARD FUTURE NETWORKS AND SERVICES | 2008
Keywords
distributed denial of service; network performance monitoring; IP traceback; packet filter
DOI
Not available
Chinese Library Classification number
TP31 [Computer Software]
Discipline classification code
081202; 0835
Abstract
In this paper, the DDoS Attack Traceback and Mitigation System (DATMS) is proposed to trace DDoS attack sources based on network performance monitoring. By monitoring packet loss rate and packet arrival rate, the routers on victim flows that are as near as possible to the attack sources, called Approximate Attack Entry Nodes (AENs), can be traced. DATMS adopts on-line analysis instead of post-mortem analysis to reduce the trace time. In addition, a packet filter controller that adapts to queue length is proposed to mitigate DDoS attacks. Since it is extremely difficult to distinguish attack flows and victim flows on core routers, the proposed packet filter is very simple and has lower overhead. Finally, experimental results from NS-2 simulations show that DDoS attacks are effectively mitigated by DATMS.
Pages: 1467 / +
Number of pages: 3