Distributed Change-Point Detection of DDoS Attacks: Experimental Results on DETER Testbed

It is highly desired to detect the DDoS flooding attacks at an early stage in order to launch effective countermeasures timely. We have developed a distributed change-point detection scheme to detect flooding type DDoS attacks over multiple network domains. The approach is to monitor the spatiotemporal pattern of the attack traffic. We have simulated the new defense system on the DETER testbed. The new scheme is proven scalable to cover hundreds of ISP-controlled network domains. With 4 network domains working collaboratively, we achieved on the DETER testbed a 98% detection rate with less than 1% false alarms.

[1]  Jelena Mirkovic,et al.  D-WARD: a source-end defense against flooding denial-of-service attacks , 2005, IEEE Transactions on Dependable and Secure Computing.

[2]  Ying Chen,et al.  Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes , 2007, IEEE Transactions on Dependable and Secure Computing.

[3]  Kotagiri Ramamohanarao,et al.  Detecting Distributed Denial of Service Attacks by Sharing Distributed Beliefs , 2003, ACISP.

[4]  kc claffy,et al.  Cooperation in Internet data acquisition and analysis , 1997 .

[5]  Hassan Aljifri,et al.  IP Traceback: A New Denial-of-Service Deterrent? , 2003, IEEE Secur. Priv..

[6]  Shigang Chen,et al.  Perimeter-based defense against high bandwidth DDoS attacks , 2005, IEEE Transactions on Parallel and Distributed Systems.

[7]  Jelena Mirkovic,et al.  Distributed Defense Against DDoS Attacks , 2004 .

[8]  Thomer M. Gil,et al.  MULTOPS: A Data-Structure for Bandwidth Attack Detection , 2001, USENIX Security Symposium.

[9]  Supranamaya Ranjan,et al.  DDoS-Resilient Scheduling to Counter Application Layer Attacks Under Imperfect Detection , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[10]  Mooi Choo Chuah,et al.  Packetscore: statistics-based overload control against distributed denial-of-service attacks , 2004, IEEE INFOCOM 2004.

[11]  Michael Walfish,et al.  DDoS defense by offense , 2006, SIGCOMM 2006.

[12]  Kai Hwang,et al.  Collaborative detection and filtering of shrew DDoS attacks using spectral analysis , 2006, J. Parallel Distributed Comput..

[13]  Michael Walfish,et al.  DDoS defense by offense , 2006, TOCS.

[14]  Sushil Jajodia,et al.  Abstraction-based intrusion detection in distributed environments , 2001, TSEC.

[15]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[16]  Paul Barford,et al.  Self-configuring network traffic generation , 2004, IMC '04.

[17]  Kang G. Shin,et al.  Change-point monitoring for the detection of DoS attacks , 2004, IEEE Transactions on Dependable and Secure Computing.

[18]  Sonia Fahmy,et al.  Ddos Experiment Methodology * , 2006 .

[19]  Kai Hwang,et al.  Collaborative Detection of DDoS Attacks over Multiple Network Domains , 2007, IEEE Transactions on Parallel and Distributed Systems.

[20]  Songjie Wei,et al.  Benchmarks for DDOS Defense Evaluation , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[21]  John S. Heidemann,et al.  Identification of Repeated Denial of Service Attacks , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[22]  Xun Wang,et al.  On the effectiveness of secure overlay forwarding systems under intelligent distributed DoS attacks , 2006, IEEE Transactions on Parallel and Distributed Systems.

[23]  Dongho Kim,et al.  Experience with DETER: a testbed for security research , 2006, 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, 2006. TRIDENTCOM 2006..

[24]  Ramesh Govindan,et al.  Cossack: coordinated suppression of simultaneous attacks , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[25]  George Kesidis,et al.  Denial-of-service attack-detection techniques , 2006, IEEE Internet Computing.

[26]  Steven M. Bellovin,et al.  Implementing Pushback: Router-Based Defense Against DDoS Attacks , 2002, NDSS.