{"title":"Network domain entrypoint/path determination for DDoS attacks","authors":"V. Thing, M. Sloman, Naranker Dulay","doi":"10.1109/NOMS.2008.4575117","DOIUrl":null,"url":null,"abstract":"A method to determine entry points and paths of DDoS attack traffic flows into network domains is proposed. We determine valid source addresses seen by routers from sampled traffic under non-attack conditions. Under attack conditions, we detect route anomalies by determining which routers have been used for unknown source addresses to construct the attack paths. We show results from simulations to detect the routers carrying attack traffic in the victim's network domain. Our approach is non-intrusive, not requiring any changes to the Internet routers and data packets. Precise information regarding the attack is not required, allowing a wide variety of DDoS attack detection techniques to be used. The victim is also relieved from the traceback task during an attack. Our algorithm is simple and efficient, allowing for a fast traceback, and the method is scalable due to the distribution of processing workload.","PeriodicalId":368139,"journal":{"name":"NOMS 2008 - 2008 IEEE Network Operations and Management Symposium","volume":"77 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOMS 2008 - 2008 IEEE Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOMS.2008.4575117","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Network domain entrypoint/path determination for DDoS attacks
A method to determine entry points and paths of DDoS attack traffic flows into network domains is proposed. We determine valid source addresses seen by routers from sampled traffic under non-attack conditions. Under attack conditions, we detect route anomalies by determining which routers have been used for unknown source addresses to construct the attack paths. We show results from simulations to detect the routers carrying attack traffic in the victim's network domain. Our approach is non-intrusive, not requiring any changes to the Internet routers and data packets. Precise information regarding the attack is not required, allowing a wide variety of DDoS attack detection techniques to be used. The victim is also relieved from the traceback task during an attack. Our algorithm is simple and efficient, allowing for a fast traceback, and the method is scalable due to the distribution of processing workload.