On the Design and Performance of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID and Collaborative Workflow Environments

While intrusion detection systems have seen a great deal of commercialization in recent years, these products are not geared towards environments that require support for high-performance applications and an open access policy for collaboration. A second limitation of existing intrusion detection systems is their lack of flexibility in dealing with the ever-evolving characteristics of attacks, in terms of both diversity and intensity. Moreover, applications in high-performance collaborative environments are very diverse, with possibly extreme performance requirements. Consequently, effective strategies for detecting attacks in these environments strongly depend on how closely the underlying intrusion detection mechanisms reflect the “specifics” of the application. The focus of this paper is on secure GRID and workflow environments. The purpose is to investigate a distributed defense method that can secure collaborative GRID and workflow environments and neutralize attacks before they reach their potential target en masse. To this end, the paper proposes a progressive, globally deployable sentinel scheme for data sampling, packet inspection, and DoS attack detection and recovery. A simulation framework is developed to study the performance of the proposed scheme. The results show a significant improvement in how the network deals with DoS attacks to secure GRID and workflow environments, in comparison to local DoS detection and prevention schemes.
