A Distributed and Coordinated Massive DDOS Attack Detection and Response Approach

Distributed Denial of Service (DDoS) attacks against networked enterprise systems are by now a well-known problem, and many papers have dealt with this type of attack. More recently, DDoS attacks that target large cyberspaces, such as national cyberspaces, have become a hot topic. We start from an existing architecture called the Saher Architecture, which is used to detect attacks threatening the Tunisian national cyberspace. We improve this architecture and propose an approach in which a consensus algorithm executed by the probes of the Internet Service Providers (ISPs) detects and reacts to massive DDoS attacks in a coordinated fashion and under Byzantine assumptions. Different alert levels are proposed, and the reaction mechanisms depend on the type of attack. The final outcome of this research is a framework that provides the mechanisms a national cyberspace needs to counter massive DDoS attacks by coordinating the ISPs' efforts to detect and respond to them.
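The coordination idea in the abstract, as an added illustration that is not the paper's own algorithm or Saher's code: a quorum-based aggregation of per-probe alert levels that tolerates f Byzantine (lying or faulty) ISP probes out of n >= 3f+1, followed by a per-attack-type reaction. The alert levels, probe ids, attack labels, reactions and sample reports are all constructed assumptions.

```python
from dataclasses import dataclass

# Alert levels, weakest to strongest (assumed ordering; the abstract does not list them).
LEVELS = ("none", "low", "high", "massive")

@dataclass(frozen=True)
class Report:
    probe: str   # hypothetical ISP probe id
    attack: str  # attack type label (constructed)
    level: str   # one of LEVELS

def coordinated_alert(reports, n_probes, f_byzantine):
    """Adopt, per attack type, the strongest level backed by >= 2f+1 distinct probes.
    With n >= 3f+1 probes any 2f+1 supporters include at least f+1 honest ones, so
    f lying probes can neither fabricate an alert nor veto one the honest probes
    agree on. A probe reporting 'massive' also supports 'high' and 'low'."""
    if n_probes < 3 * f_byzantine + 1:
        raise ValueError("need n >= 3f+1 probes to tolerate f Byzantine probes")
    quorum = 2 * f_byzantine + 1
    votes = {}
    for r in reports:
        votes.setdefault(r.attack, {})[r.probe] = r.level  # one vote per probe
    decided = {}
    for attack, per_probe in votes.items():
        ranks = [LEVELS.index(lvl) for lvl in per_probe.values()]
        decided[attack] = "none"
        for i, lvl in enumerate(LEVELS[1:], start=1):
            if sum(rank >= i for rank in ranks) >= quorum:
                decided[attack] = lvl  # strongest level with quorum support wins
    return decided

# Reaction per attack type once the coordinated level is 'high' or above (constructed mapping).
REACTIONS = {"syn_flood": "ISPs enable SYN cookies and rate-limit offending source ASNs",
             "dns_amplification": "ISPs filter inbound UDP/53 replies towards the target"}

def plan_response(decided):
    return {a: REACTIONS[a] for a, lvl in decided.items()
            if LEVELS.index(lvl) >= LEVELS.index("high")}

# Constructed reports: 4 probes, 1 Byzantine (D) that hides the SYN flood and fabricates a DNS alert.
SAMPLE = [Report("A", "syn_flood", "massive"), Report("B", "syn_flood", "high"),
          Report("C", "syn_flood", "massive"), Report("D", "syn_flood", "none"),
          Report("A", "dns_amplification", "none"), Report("B", "dns_amplification", "none"),
          Report("C", "dns_amplification", "none"), Report("D", "dns_amplification", "massive")]

if __name__ == "__main__":
    alerts = coordinated_alert(SAMPLE, n_probes=4, f_byzantine=1)
    print(alerts, plan_response(alerts))
```

With the sample reports the SYN flood is escalated to "high" (three probes support at least that level) while D's lone "massive" vote for DNS amplification never reaches the 2f+1 quorum.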
