Thwarting DDoS attacks in grid using information divergence

The Grid is an emerging resource-intensive environment that aims at utilizing resources efficiently and effectively. Distributed Denial-of-Service (DDoS) attacks on the Grid can have a devastating effect since there are several resource constraints in a Grid environment. A DDoS can cause large-scale damage to resources and availability of the resources to genuine Grid users. This paper proposes a five-fold DDoS Defense Mechanism using an Information Divergence scheme that detects the attacker and discards the adversary's packets for a fixed amount of time in an organized manner. The trust value is adjusted based on the attack intensity to ensure a trustworthy system. The mitigation is carried out by limiting the bandwidth of the attacking IP instead of completely blocking the attackers' IPs. With this, the proposed approach achieves a higher job success rate than the approach of completely blocking the attackers' IPs.

Highlights

- A DDoS can cause large-scale damage to resources and availability of the resources to genuine Grid users.
- This paper proposes a five-fold DDoS Defense Mechanism using an Information Divergence scheme.
- The proposed layered method gives the least percentage of false positives compared to other methods.
- The proposed method also gives a better DDoS detection rate and a lower resource consumption rate.
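The abstract does not specify the algorithm, so the following is an added illustration, not the paper's own code: it flags sources by an information-divergence measure and throttles them according to a trust value instead of blocking them. Assumed here: Kullback-Leibler divergence over per-source packet shares as the measure, the threshold, the trust update rule, the rate values, all function names, and the constructed traffic windows.

```python
import math
from collections import Counter

def shares(packets):
    """Fraction of one window's packets sent by each source IP."""
    counts = Counter(packets)
    total = sum(counts.values())
    return {ip: n / total for ip, n in counts.items()}

def divergence_terms(current, baseline, eps=1e-6):
    """Per-source terms of KL(current || baseline) in bits.
    eps stands in for sources absent from the baseline (assumed value)."""
    return {ip: p * math.log2(p / baseline.get(ip, eps))
            for ip, p in current.items()}

def assess(window, baseline, trust, threshold=0.5, min_share=0.1,
           full_kbps=1000, floor_kbps=50):
    """Return (divergence, {ip: allowed kbps}) for one window.
    Flagged sources lose trust in proportion to their traffic share and are
    throttled to full_kbps * trust, never below floor_kbps (no hard block)."""
    current = shares(window)
    terms = divergence_terms(current, baseline)
    divergence = sum(terms.values())
    limits = {}
    if divergence <= threshold:
        return divergence, limits
    for ip, term in terms.items():
        if term < min_share * divergence:
            continue  # this source does not drive the anomaly
        trust[ip] = trust.get(ip, 1.0) * (1.0 - current[ip])
        limits[ip] = max(floor_kbps, round(full_kbps * trust[ip], 1))
    return divergence, limits

# Constructed sample traffic (documentation address ranges), not real data.
LEGIT = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
BASELINE = {ip: 0.25 for ip in LEGIT}
NORMAL_WINDOW = LEGIT * 25
ATTACK_WINDOW = LEGIT * 10 + ["203.0.113.5"] * 160

if __name__ == "__main__":
    trust = {}
    for name, window in [("normal", NORMAL_WINDOW), ("attack", ATTACK_WINDOW),
                         ("attack again", ATTACK_WINDOW)]:
        d, limits = assess(window, BASELINE, trust)
        print(f"{name}: divergence={d:.2f} bits, limits={limits}")
```

Because the flooding source is throttled rather than dropped, a misclassified Grid user keeps a reduced but non-zero share of bandwidth, which is the property the abstract credits for the higher job success rate.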
