Global Detection of Flooding-Based DDoS Attacks Using a Cooperative Overlay Network

Thaneswaran Velauthapillai, A. Harwood, S. Karunasekera
2010 Fourth International Conference on Network and System Security, published 2010-09-01. DOI: 10.1109/NSS.2010.68 (https://doi.org/10.1109/NSS.2010.68)
Citations: 16

Abstract

Flooding-based Distributed Denial of Service (DDoS) attacks present a serious threat to the stability of the Internet. Identifying the attacks rapidly and accurately is significant for the efficient operation of Internet applications and services. Recent observations in the U.S. indicate a significant increase of cyber attacks on U.S. military information systems in 2009. Current technologies are still unable to withstand large-scale DDoS attacks. Single point detection and response is a first step to defeat such distributed attacks. Distributed global defense systems, using a coordinated effort, go much further towards thwarting such attacks. In this paper, we propose a distributed defense infrastructure to detect DDoS attacks globally using a cooperative overlay network and a gossip-based information exchange protocol. Our NS2 based simulation results show that the proposed solution can detect attacks with a detection rate as high as 0.99 with false alarms below 0.01. This compares favorably against other widely known methods including change-point detection, TTL analysis and wavelet analysis.