主动的DDoS攻击检测和隔离

2017 International Conference on Computer, Communications and Electronics (Comptelix) Pub Date : 2017-07-01 DOI:10.1109/COMPTELIX.2017.8003989

Vaishali Kansal, M. Dave

{"title":"主动的DDoS攻击检测和隔离","authors":"Vaishali Kansal, M. Dave","doi":"10.1109/COMPTELIX.2017.8003989","DOIUrl":null,"url":null,"abstract":"The increased number of cyber attacks makes the availability of services a major security concern. One common type of cyber threat is distributed denial of service (DDoS). A DDoS attack is aimed at disrupting the legitimate users from accessing the services. It is easier for an insider having legitimate access to the system to deceive any security controls resulting in insider attack. This paper proposes an Early Detection and Isolation Policy (EDIP)to mitigate insider-assisted DDoS attacks. EDIP detects insider among all legitimate clients present in the system at proxy level and isolate it from innocent clients by migrating it to attack proxy. Further an effective algorithm for detection and isolation of insider is developed with the aim of maximizing attack isolation while minimizing disruption to benign clients. In addition, concept of load balancing is used to prevent proxies from getting overloaded.","PeriodicalId":6917,"journal":{"name":"2017 International Conference on Computer, Communications and Electronics (Comptelix)","volume":"135 1","pages":"334-338"},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Proactive DDoS attack detection and isolation\",\"authors\":\"Vaishali Kansal, M. Dave\",\"doi\":\"10.1109/COMPTELIX.2017.8003989\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The increased number of cyber attacks makes the availability of services a major security concern. One common type of cyber threat is distributed denial of service (DDoS). A DDoS attack is aimed at disrupting the legitimate users from accessing the services. It is easier for an insider having legitimate access to the system to deceive any security controls resulting in insider attack. This paper proposes an Early Detection and Isolation Policy (EDIP)to mitigate insider-assisted DDoS attacks. EDIP detects insider among all legitimate clients present in the system at proxy level and isolate it from innocent clients by migrating it to attack proxy. Further an effective algorithm for detection and isolation of insider is developed with the aim of maximizing attack isolation while minimizing disruption to benign clients. In addition, concept of load balancing is used to prevent proxies from getting overloaded.\",\"PeriodicalId\":6917,\"journal\":{\"name\":\"2017 International Conference on Computer, Communications and Electronics (Comptelix)\",\"volume\":\"135 1\",\"pages\":\"334-338\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference on Computer, Communications and Electronics (Comptelix)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/COMPTELIX.2017.8003989\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Computer, Communications and Electronics (Comptelix)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMPTELIX.2017.8003989","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

摘要

网络攻击数量的增加使得服务的可用性成为一个主要的安全问题。一种常见的网络威胁是分布式拒绝服务(DDoS)。DDoS攻击的目的是中断合法用户对服务的访问。拥有合法访问系统权限的内部人员更容易欺骗任何安全控制，从而导致内部攻击。本文提出了一种早期检测和隔离策略(EDIP)来缓解内部协助的DDoS攻击。EDIP在代理级别检测系统中存在的所有合法客户端中的内部人，并通过将其迁移到攻击代理将其与无辜客户端隔离开来。此外，还开发了一种有效的内部检测和隔离算法，旨在最大限度地隔离攻击，同时最大限度地减少对良性客户端的中断。此外，还使用了负载平衡的概念来防止代理过载。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Proactive DDoS attack detection and isolation

The increased number of cyber attacks makes the availability of services a major security concern. One common type of cyber threat is distributed denial of service (DDoS). A DDoS attack is aimed at disrupting the legitimate users from accessing the services. It is easier for an insider having legitimate access to the system to deceive any security controls resulting in insider attack. This paper proposes an Early Detection and Isolation Policy (EDIP)to mitigate insider-assisted DDoS attacks. EDIP detects insider among all legitimate clients present in the system at proxy level and isolate it from innocent clients by migrating it to attack proxy. Further an effective algorithm for detection and isolation of insider is developed with the aim of maximizing attack isolation while minimizing disruption to benign clients. In addition, concept of load balancing is used to prevent proxies from getting overloaded.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 International Conference on Computer, Communications and Electronics (Comptelix)

自引率

0.00%

发文量