Distributed Denial-of-Service Defense System
Distributed denial-of-service (DDoS) attacks present a great threat to the Internet, and existing security mechanisms cannot detect or stop them successfully. The problem lies in the distributed nature of the attacks, which engage the power of a vast number of coordinated hosts. To mitigate the impact of DDoS attacks, it is important to develop defense systems that can both detect and react against ongoing attacks. The attacks ideally should be stopped as close to the sources as possible, saving network resources and reducing congestion. A DDoS defense system deployed at the source end should prevent the machines in the associated network from participating in DDoS attacks. The primary objective of this project, which is to develop a DDoS defense system, is to provide good service to a victim's legitimate clients during the attack, thus canceling the denial-of-service effect. The scope of the study covers how the attack detection algorithms work and identify the attack traffic, and hence how to develop appropriate attack responses. As a source-end defense against DDoS attacks, the attack flows can be stopped before they enter the Internet core and before they aggregate with other attack flows.

The methodology chosen for this project is a combination of sequential and iterative approaches to the software development process, comprising six main phases: the initial planning phase, requirement definition phase, system design phase, coding and testing phase, implementation phase, and lastly the maintenance and support phase. The system uses a source router approach, in which the source router serves as a gateway between the source network containing some of the attack nodes and the rest of the Internet, to detect and limit DDoS streams long before they reach the target. This is covered in the Findings section of the report. The Discussion section focuses on the architecture of the system, which has three important components: observation, rate-limiting and traffic-policing.
Distributed Denial of Service Attack Detection
Distributed Denial of Service (DDoS) attacks on web applications have been a persistent threat. Successful attacks can make the service inaccessible to legitimate users for a period of time and cause loss of business reputation. Most research effort on DDoS has focused on network layer attacks. Existing approaches to application layer DDoS attack mitigation have limitations, such as the lack of detection ability for low-rate DDoS and the inability to detect attacks targeting resource files. In this work, we propose DDoS attack detection using concepts from information retrieval and machine learning. We include two popular concepts from information retrieval: Term Frequency (TF)-Inverse Document Frequency (IDF) and Latent Semantic Indexing (LSI). We analyzed web server log data generated in a distributed environment. Our evaluation results indicate that while all the approaches can detect various ranges of attacks, the information retrieval approaches can identify attacks ongoing in a given session. All the approaches can detect three well-known application level DDoS attacks (trivial, intermediate, advanced). Further, these approaches can enable an administrator to identify new patterns of DDoS attacks.
On mitigating distributed denial of service attacks
Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are probably the most ferocious threats in the Internet, resulting in tremendous economic and social impacts on our daily lives, which are increasingly dependent on the wellbeing of the Internet. How to mitigate these attacks effectively and efficiently has become an active research area. The critical issues here include 1) IP spoofing, i.e., forged source IP addresses are routinely employed to conceal the identities of the attack sources and deter the efforts of detection, defense, and tracing; 2) the distributed nature, that is, hundreds or thousands of compromised hosts are orchestrated to attack the victim synchronously. Other related issues are scalability, lack of incentives to deploy a new scheme, and effectiveness under partial deployment.
This dissertation investigates and proposes effective schemes to mitigate DDoS attacks. It comprises three parts. The first part introduces the classification of DDoS attacks and the evaluation of previous schemes. The second part presents the proposed IP traceback scheme, namely, autonomous system-based edge marking (ASEM). ASEM enhances probabilistic packet marking (PPM) in several aspects: (1) ASEM is capable of addressing large-scale DDoS attacks efficiently; (2) ASEM is capable of handling spoofed marking from the attacker and spurious marking incurred by subverted routers, which is a unique and critical feature; (3) ASEM can significantly reduce the number of marked packets required for path reconstruction and suppress false positives as well. The third part presents the proposed DDoS defense mechanisms, including the four-color-theorem based path marking, and a comprehensive framework for DDoS defense. The salient features of the framework include (1) it is designed to tackle a wide spectrum of DDoS attacks rather than a specific one, and (2) it can differentiate malicious traffic from normal traffic. The receiver-centered design avoids several related issues such as scalability and lack of incentives to deploy a new scheme. Finally, conclusions are drawn and future work is discussed.