A novel approach for a Distributed Denial of Service Detection Engine

In this work we present some of the most popular data fusion algorithms that inspired us to build an innovative Distributed Denial of Service (DDoS) Detection Engine. Our approach rests on the mathematical foundation of Dempster-Shafer's Theory of Evidence (D-S). Feeding our D-S inference engine with a set of simple heuristics, we attempt to detect flooding attacks in a set of experiments conducted on real network topologies (the National Technical University of Athens campus) using well-known DDoS tools such as Stacheldraht. The use of the D-S model to express beliefs in hypotheses, the ability to represent uncertainty explicitly in the system, and the quantitative measurement of the belief and plausibility of our detection results are among the main advantages this theory brings to an intrusion detection framework, especially in comparison to a Bayesian estimator approach. Finally, we discuss several implementation and deployment issues in the context of security management and DDoS mitigation techniques.
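To make the D-S reasoning concrete, here is an added example (not the paper's engine or code) that fuses the verdicts of several simple flooding heuristics with Dempster's rule of combination over the frame {attack, normal} and reports belief, plausibility and the conflict between sources. The heuristic names, scores and the score-to-mass mapping are constructed for illustration.

```python
from itertools import product

# Frame of discernment for the detection engine: {attack, normal}.
# Focal elements are frozensets; the whole frame stands for "don't know".
ATTACK, NORMAL = frozenset({"attack"}), frozenset({"normal"})
FRAME = ATTACK | NORMAL

def heuristic_mass(score, trust):
    """Constructed mapping (not the paper's): a heuristic's 'attack-likeness'
    score in [0, 1] is scaled by how much we trust that heuristic; the
    untrusted remainder is assigned to the whole frame as explicit uncertainty."""
    return {ATTACK: trust * score, NORMAL: trust * (1 - score), FRAME: 1 - trust}

def combine(m1, m2):
    """Dempster's rule of combination. Returns (fused mass function, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + ma * mb
        else:
            conflict += ma * mb          # mass on disjoint hypotheses is conflict
    if conflict >= 1.0:
        raise ValueError("total conflict: sources cannot be combined")
    return {s: v / (1.0 - conflict) for s, v in fused.items()}, conflict

def belief(m, hyp):
    """Bel(H): mass of every focal element fully inside H."""
    return sum(v for s, v in m.items() if s <= hyp)

def plausibility(m, hyp):
    """Pl(H): mass of every focal element that overlaps H (1 - Bel(not H))."""
    return sum(v for s, v in m.items() if s & hyp)

def assess(heuristics):
    """Fuse (score, trust) pairs from several heuristics; return
    (Bel(attack), Pl(attack), worst pairwise conflict) for an operator."""
    masses = [heuristic_mass(s, t) for s, t in heuristics]
    fused, worst = masses[0], 0.0
    for m in masses[1:]:
        fused, k = combine(fused, m)
        worst = max(worst, k)
    return belief(fused, ATTACK), plausibility(fused, ATTACK), worst

if __name__ == "__main__":
    # Constructed readings: packet-rate spike, SYN/ACK imbalance, new-source churn.
    bel, pl, k = assess([(0.9, 0.8), (0.8, 0.7), (0.3, 0.5)])
    print(f"Bel(attack)={bel:.3f}  Pl(attack)={pl:.3f}  worst conflict={k:.3f}")
```

The gap between Bel and Pl is the residual uncertainty the Bayesian estimator mentioned above cannot express, and a high conflict value is the operator's cue that the heuristics disagree rather than that evidence is weak.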
