DDoS Detection using host-network based metrics and mitigation in experimental testbed

B. Devi, G. Preetha, S. Shalinie
Published in: 2012 International Conference on Recent Trends in Information Technology, 2012-04-19
DOI: 10.1109/ICRTIT.2012.6206744 (https://doi.org/10.1109/ICRTIT.2012.6206744)
Citations: 24

Abstract

Distributed Denial of Service (DDoS) attacks are a very recent and popular devastating attack in the field of cyber society. Flooding DDoS attacks produce adverse effects on the availability, integrity and confidentiality of critical infrastructure. Current defense approaches cannot efficiently detect and filter out the attack traffic in real time. Online analysis of real-time attack traffic, and of its impact on and degradation of host- and network-based performance metrics, becomes essential. So, online measurement of these network performance metrics itself acts as an intrusion detection system. The anomalies give the network security analyst grounds to suspect whether the network is under attack or not. Based on the assumption that attacker flows are far more aggressive than those of legitimate users, the proposed work provides sufficient bandwidth to genuine users during a flooding DDoS attack. The Interface Based Rate Limiting (IBRL) algorithm proposed in this paper is used to mitigate the identified DDoS attacks. The implementation is carried out on an experimental testbed built on Linux machines and virtual routers. The experimental results show a considerable increase in the host- and network-based performance metrics for legitimate users even under DoS and DDoS attacks.