An active security protocol against DoS attacks

Denial of service (DoS) attacks represent, in today's Internet, one of the most complex issues to address. A session is under a DoS attack if it cannot achieve its intended throughput due to the misbehavior of other sessions. Many research studies have dealt with DoS, proposing models and/or architectures mostly based on an attack prevention approach. Prevention techniques lead to different models, each suitable for a single type of misbehavior, but do not guarantee the protection of a system from a more general DoS attack. We analyze the fundamental requirements to be satisfied in order to protect hosts and routers from any form of distributed DoS (DDoS). Then we propose a network signaling protocol, named active security protocol (ASP), which satisfies most of the defined requirements. ASP provides active protection from a DDoS attack, being able to adapt its defense strategies to the current type of violation. Protocol specification and design are performed using an object-oriented methodology: we used Unified Modeling Language (UML) as a software description language.
