
Distributed Defense Against Distributed Denial-of-Service Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3719)

Abstract

Distributed defense is a promising way to neutralize distributed Denial-of-Service (DDoS) attacks by detecting and responding to attacking sources spread widely around the Internet. The components of a distributed defense system cooperate with each other to combat the attacks. Compared with centralized defense systems, distributed defense systems can discover attacks in a more timely manner from both the source end and the victim end, fight the attacks with more resources, and take advantage of more flexible strategies. This paper investigates 7 distributed defense systems which make use of various strategies to mitigate DDoS attacks. These 7 systems use different architectures to provide distributed DDoS defense solutions. We evaluate these systems in terms of deployment, detection, response, security, robustness and implementation. For each criterion, we give a recommendation, based on the analysis result, on which technologies are best suited to a successful distributed defense system. Finally, we propose our idea on the design of an effective distributed defense system.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shi, W., Xiang, Y., Zhou, W. (2005). Distributed Defense Against Distributed Denial-of-Service Attacks. In: Hobbs, M., Goscinski, A.M., Zhou, W. (eds) Distributed and Parallel Computing. ICA3PP 2005. Lecture Notes in Computer Science, vol 3719. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11564621_41


  • DOI: https://doi.org/10.1007/11564621_41

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29235-7

  • Online ISBN: 978-3-540-32071-5

  • eBook Packages: Computer Science, Computer Science (R0)
