
A Scheme of Distributed Network Security Management against DDoS Attacks  

Kim Sung-Ki (Dept. of Computer Science & Eng. Univ. of Incheon)
Yoo Seung-Hwan (Dept. of Computer Science & Eng. Univ. of Incheon)
Kim Moon-Chan (Dept. of Computer Science & Eng. Univ. of Incheon)
Min Byoung-Joon (Dept. of Computer Science & Eng. Univ. of Incheon)
Abstract
Defending against and responding to DDoS attacks or worm propagation solely within a single domain is not a practical solution, because the attack traffic clogs legitimate users' access to the communication lines shared beyond the domain boundary. In particular, DDoS attacks that use spoofed source addresses, or that send bogus packets with a valid source address but randomly changing destination addresses, do not allow us to identify legitimate users' access. We propose a distributed network security management scheme that protects legitimate users' access from DDoS attacks that exploit randomly spoofed source IP addresses and send bogus packets. We assume that the Internet is divided into multiple domains and that each domain has one or more domain security managers, which are responsible for identifying hosts within the domain. The domain security manager forwards information about identified suspicious attack flows to neighboring managers and then verifies the attack upon receiving return messages from the neighboring managers. Experiments on a test-bed verified that the proposed scheme maintains high detection accuracy and improves the normal packet survival rate.
Keywords
DDoS (Distributed Denial of Service) Attacks; Worm; Security Management