DESIGN OF AN AUTONOMOUS ANTI-DDOS NETWORK (A2D2)

Recent Distributed Denial of Service (DDoS) attacks are mainly directed at home and small- to medium-sized networks that lack the incentive, expertise, and financial means to defend themselves. Using the Evolutionary Software Life-Cycle model, this thesis designs an Autonomous Anti-DDoS Network (A2D2) that integrates and improves on existing DDoS mitigation technologies. A2D2 provides an affordable and manageable solution for small and medium networks, and enables small office and home office (SOHO) networks to take control of their own defense within their own network boundary. Test-bed results show that A2D2 is highly effective in ensuring Quality of Service (QoS) during bandwidth-consumption DDoS attacks. The A2D2 test-bed has demonstrated significant intrusion tolerance against attacks of various types, including UDP-, ICMP- and TCP-based DDoS attacks.

This thesis is dedicated to my best friend and soul mate, Kevin.
