Distributed denial-of-service and intrusion detection

The proliferation of Internet applications and network-centric services is bringing network and system security issues to the fore. The past few years have seen a significant increase in cyber attacks on the Internet, resulting in degraded confidence and trust in the use of the Internet. The attacks, including distributed denial-of-service (DDoS) and worms, are getting more sophisticated, spreading faster, and causing more damage. The attacks originally exploited the weaknesses of individual protocols and operating systems, but have now also started to attack the basic infrastructure of the Internet. DDoS attacks against popular Web sites, including Amazon, CNN, and Yahoo in early 2000, already demonstrated how damaging they are. The services of those Web sites were unavailable for hours and days. New instances of DDoS attacks on both government and commercial organizations continue to be reported. Clearly, these attacks threaten the security and availability of our vital information infrastructures, on which our business and government operations and services depend. Many research advances are being made in the areas of authentication, authorization, firewalls and access control, DoS/DDoS, intrusion detection and prevention, security protocols, and mobile code security. This special issue of the Journal of Network and Computer Applications is targeted at related issues in DDoS and intrusion detection. The purpose was to report both theoretical and practical solutions to some of the problems, and to identify new areas of research. Topic areas covered include authentication and authorization, DoS and DDoS, intrusion detection, intrusion prevention, firewalls, access control, mobile code security, Internet worms, and network security protocols. Response to the call for papers was overwhelming. From those quality submissions, seven were accepted for publication in this special issue.
The main goal of DDoS attacks is to completely tie up certain resources so that legitimate users are not able to access a service. In the first paper, "Stateful DDoS attacks and Targeted Filtering", S. Chen, Y. Yang, and W. Du identify a class of stateful DDoS attacks that defeat the existing cookie-based solutions. They then propose a new defense mechanism, called targeted filtering, to defeat the stateful attacks. The mechanism establishes filters at a firewall and automatically converges the filters to the flooding sources while leaving the rest of the Internet unblocked. The defense mechanism is evaluated by both analysis and simulations. A Linux-based prototype is implemented, with experimental results that demonstrate the effectiveness of targeted filtering. Keeping commercial servers in the Internet up and running 24/7 is an asymmetric struggle: while attackers are able to exploit the processing and bandwidth resources and the flexibility of a huge number of compromised hosts to install malicious tools and launch