Protocol Share Based Traffic Rate Analysis (PSBTRA) for UDP Bandwidth Attack

The Internet is based on the best-effort and end-to-end design principles. Although these principles are the reasons for the Internet's high efficiency and popularity, they have also resulted in many inherent security problems, such as bandwidth attacks. A bandwidth attack has two main characteristics. First, during an attack the incoming traffic rate is much higher than the outgoing traffic rate. Second, the proportion of the protocol exploited by the attacker is higher compared to other protocols in the traffic. Based on these two characteristics, a UDP bandwidth attack detection system based on Protocol Share Based Traffic Rate Analysis (PSBTRA) is proposed. Experiments on a real-world network show that this approach can effectively detect UDP bandwidth attacks.
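The two characteristics above can be checked per time window, as in the following added sketch, which is not the paper's algorithm or code. The thresholds, the window length, the packet-record format and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds (not from the paper); tune against a site's own baseline.
RATE_RATIO_MIN = 3.0   # incoming bytes / outgoing bytes
UDP_SHARE_MIN = 0.6    # UDP fraction of incoming bytes
WINDOW_SECONDS = 10

def analyse(packets, window=WINDOW_SECONDS):
    """packets: iterable of (timestamp_s, direction, protocol, size_bytes),
    direction being "in" or "out" relative to the monitored network.
    Returns one dict per window, sorted by window start."""
    totals = defaultdict(lambda: {"in": 0, "out": 0, "proto_in": defaultdict(int)})
    for ts, direction, proto, size in packets:
        w = totals[int(ts // window) * window]
        w[direction] += size
        if direction == "in":
            w["proto_in"][proto] += size
    results = []
    for start in sorted(totals):
        w = totals[start]
        # Guard against a window with no outgoing traffic at all.
        ratio = w["in"] / max(w["out"], 1)
        udp_share = w["proto_in"]["UDP"] / w["in"] if w["in"] else 0.0
        results.append({
            "start": start,
            "in_out_ratio": round(ratio, 2),
            "udp_share": round(udp_share, 2),
            # Alert only when BOTH characteristics hold in the same window.
            "alert": ratio >= RATE_RATIO_MIN and udp_share >= UDP_SHARE_MIN,
        })
    return results

def constructed_sample():
    """Constructed traffic: two normal windows, one UDP-heavy window,
    then one window with a high in/out ratio that is TCP-dominated."""
    pkts = []
    for t in range(0, 20):    # balanced, mostly TCP
        pkts += [(t, "in", "TCP", 1000), (t, "out", "TCP", 900), (t, "in", "UDP", 100)]
    for t in range(20, 30):   # inbound UDP dominates, little traffic leaves
        pkts += [(t, "in", "UDP", 9000), (t, "in", "TCP", 1000), (t, "out", "TCP", 900)]
    for t in range(30, 40):   # large inbound TCP transfer, small UDP share
        pkts += [(t, "in", "TCP", 9000), (t, "in", "UDP", 100), (t, "out", "TCP", 900)]
    return pkts

if __name__ == "__main__":
    for row in analyse(constructed_sample()):
        print(row)
```

The last constructed window has a high incoming-to-outgoing ratio but a small UDP share, so it does not alert; the rate test alone would have flagged it.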
