Abstract
In this paper, we propose a cooperative management method to increase service survivability in a large-scale networked information system. We assume that the system is composed of multiple domains and that each domain has a domain manager, which is responsible for monitoring network traffic and controlling resource usage in the domain. Inter-domain cooperation against distributed denial of service (DDoS) attacks is achieved through the exchange of pushback and feedback messages. The management method is designed not only to prevent network resources from being exhausted by the attacks but also to increase the possibility that legitimate users can fairly access the target services. Through an experiment on a test-bed, the proposed method was verified to maintain high survivability in a cost-effective manner even when DDoS attacks exist.
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, S.K., Min, B.J., Jung, J.C., Yoo, S.H. (2005). Cooperative Security Management Enhancing Survivability Against DDoS Attacks. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3480. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424758_27
DOI: https://doi.org/10.1007/11424758_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25860-5
Online ISBN: 978-3-540-32043-2
eBook Packages: Computer Science (R0)