Abstract
Distributed defense is a promising way to neutralize distributed Denial-of-Service (DDoS) attacks by detecting and responding to attacking sources that are spread widely around the Internet. The components of a distributed defense system cooperate with each other to combat the attacks. Compared with centralized defense systems, distributed defense systems can discover attacks in a more timely manner from both the source end and the victim end, fight the attacks with more resources, and take advantage of more flexible strategies. This paper investigates 7 distributed defense systems which make use of various strategies to mitigate DDoS attacks. These 7 systems use different architectures to provide distributed DDoS defense solutions. We evaluate these systems in terms of deployment, detection, response, security, robustness and implementation. For each criterion, we give a recommendation, based on the analysis result, on which technologies are best suited to a successful distributed defense system. Finally, we propose our idea for the design of an effective distributed defense system.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Shi, W., Xiang, Y., Zhou, W. (2005). Distributed Defense Against Distributed Denial-of-Service Attacks. In: Hobbs, M., Goscinski, A.M., Zhou, W. (eds) Distributed and Parallel Computing. ICA3PP 2005. Lecture Notes in Computer Science, vol 3719. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11564621_41
DOI: https://doi.org/10.1007/11564621_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29235-7
Online ISBN: 978-3-540-32071-5
eBook Packages: Computer Science, Computer Science (R0)