Prevention of DDoS Attacks for Enterprise Network Based on Traceback and Network Traffic Analysis

  • Ma, Yun-Ji (Dep. of Computer Science, Gyeongsang National University)
  • Baek, Hyun-Chul (Dep. of Computer Science, Gyeongsang National University)
  • Kim, Chang-Geun (Dep. of Computer Science, Gyeongsang National University)
  • Kim, Sang-Bok (Dep. of Computer Science, Gyeongsang National University)
  • Published: 2009.06.30

Abstract

With the wide use of the Internet in many fields, networks are exposed to many security threats, such as DDoS attacks and worms/viruses. For an enterprise network, a failure of network security leads to the disclosure of commercial information or the interruption of network services. In this paper, we propose a method for preventing DDoS attacks on enterprise networks based on traceback and network traffic analysis. The traceback model detects IP spoofing attacks through the cooperation of trusted adjacent hosts, and the network traffic analysis method detects DDoS attacks by analyzing traffic characteristics. We also present the results of our experiments and compare the method with other methods. The results demonstrate that the method can effectively detect and block DDoS attacks and IP spoofing attacks.
