论文信息 - TrustGuard: A flow-level reputation-based DDoS defense system

TrustGuard: A flow-level reputation-based DDoS defense system

Distributed Denial of Service (DDoS) attacks pose one of the most serious security threats to the Internet. We examine the drawbacks of existing defense schemes. To combat these deficiencies, we propose a credit-based defense system: TrustGuard. Essentially, flows accumulate credit based on the diversity of their packet-size distribution. The more diverse the flow, the more credit it has. Since DDoS attacks demonstrate low diversity they accumulate less credit and are likely to be dropped by the system. Naturally, the performance of TrustGuard greatly depends on the choice of credit accumulation and flow selection methods. We derive our solution by identifying the essential characteristics of DDoS attacks. Our analysis accounts for both micro and macro behaviors of DDoS attacks. The primary goal of this work is to not only detect the occurrence of a DDoS attack, but to also identify the attackers and victims involved. Experimental results demonstrate that TrustGuard performs admirably in both cases.

Victor C. Valgenti | Min Sik Kim | Yan Sun | Haiqin Liu

[1] Jayashree Padmanabhan,et al. Trust based traffic monitoring approach for preventing denial of service attacks , 2009, SIN '09.

[2] Tu Xu,et al. Detecting DDOS Attack Based on One-Way Connection Density , 2006, 2006 10th IEEE Singapore International Conference on Communication Systems.

[3] J. Mirkovic,et al. Fine-grained capabilities for flooding DDoS defense using client reputations , 2007, LSAD '07.

[4] Peter Reiher,et al. A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[5] Antonio Nucci,et al. Robust and efficient detection of DDoS attacks for large-scale internet , 2007, Comput. Networks.

[6] Vyas Sekar,et al. Analyzing large DDoS attacks using multiple data sources , 2006, LSAD '06.

[7] Ying Li,et al. Preventing DDoS Attacks Based on Credit Model for P2P Streaming System , 2008, ATC.

[8] Kang G. Shin,et al. Change-point monitoring for the detection of DoS attacks , 2004, IEEE Transactions on Dependable and Secure Computing.

[9] Vyas Sekar,et al. An empirical evaluation of entropy-based traffic anomaly detection , 2008, IMC '08.

[10] Farouk Kamoun,et al. Joint Entropy Analysis Model for DDoS Attack Detection , 2009, 2009 Fifth International Conference on Information Assurance and Security.