Beyond the perimeter: the need for early detection of denial of service attacks

The threat to organisations from network attacks is very real. Current countermeasures to denial of service (DoS) attacks rely on the perimeter model of network security. However, as the case study and analysis in this paper make apparent, the perimeter model, which relies on firewalls and intrusion detection systems, is unable to provide an effective defence against DoS attacks. Therefore, there is a need for a new approach; one that identifies an attack beyond the perimeter. We present such an approach. We achieve early detection of DoS attacks by the identification of traffic signatures which indicate that an attack is underway. As these signatures can be identified 'outside' the perimeter, appropriate measures can be taken to prevent the attack from succeeding. We use examples of DoS attacks and a case study to demonstrate the applicability of our approach.

[1]  Ross J. Anderson,et al.  Jikzi - a new framework for security policy, trusted publishing and electronic commerce , 2000, Comput. Commun..

[2]  Charles P. Pfleeger,et al.  Security in computing , 1988 .

[3]  Thomas Henry Ptacek,et al.  Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[4]  Carsten Benecke,et al.  A parallel packet screen for high speed networks , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[5]  Yuliang Zheng,et al.  A Method to Implement a Denial of Service Protection Base , 1997, ACISP.

[6]  Nei Kato,et al.  Towards trapping wily intruders in the large , 2000, Recent Advances in Intrusion Detection.

[7]  Stuart Harvey Rubin,et al.  Distributed denial of service attacks , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[8]  Kang G. Shin,et al.  Detecting SYN flooding attacks , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[9]  Martin P. Loeb,et al.  CSI/FBI Computer Crime and Security Survey , 2004 .

[10]  Thomer M. Gil,et al.  MULTOPS: A Data-Structure for Bandwidth Attack Detection , 2001, USENIX Security Symposium.

[11]  T. Bass,et al.  E-mail bombs and countermeasures: cyber attacks on availability and brand integrity , 1998, IEEE Netw..

[12]  Eugene H. Spafford,et al.  Intrusion detection using autonomous agents , 2000, Comput. Networks.

[13]  Yin Zhang,et al.  Detecting Backdoors , 2000, USENIX Security Symposium.

[14]  Sven Dietrich,et al.  Analyzing Distributed Denial of Service Tools: The Shaft Case , 2000, LISA.

[15]  R. Power CSI/FBI computer crime and security survey , 2001 .

[16]  S. Muftic,et al.  Security Architecture for Open Distributed Systems , 1993 .

[17]  Qi Shi,et al.  The Threat From Within -An Analysis of Attacks on anInternal Network , 2002, SEC.

[18]  Paul E. Proctor,et al.  Practical Intrusion Detection Handbook , 2000 .