Advertisement

A Pseudo State-Based Distributed DoS Detection Mechanism Using Dynamic Hashing

  • PyungKoo Park
  • SeongMin Yoo
  • Su-il Choi
  • Jaehyung Park
  • Ho Yong Ryu
  • JaeCheol Ryou
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 339)

Abstract

As distributed denial-of-service (DDoS) attacks have caused serious economic and social problems, there have been numerous researches to defend against them. The current DDoS defense system relies on a dedicated security device, which is located in front of the server it is required to protect. To detect DDoS attacks, this security device compares incoming traffic to known attack patterns. Since such a defense mechanism cannot prevent an influx of attack traffic into the network, and every packet must be compared against the known attack patterns, the mechanism often degrades the service. In this paper, we propose a pseudo state-based DDoS detection mechanism using dynamic hashing scheme, which runs on network devices to defend against DDoS attacks without sacrificing performance in terms of data forwarding. The proposed mechanism is suitable for both low- and high-rate attacks. In addition, we verified the performance of the proposed mechanism by evaluating its performance using a DDoS attack similar to the one that occurred in Korea and the USA on July 7th, 2009.

Keywords

Distributed Denial-of-Service Pseudo State Dynamic Hashing 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Wang, H., Zhang, D., Shin, K.G.: Detecting SYN Flooding Attacks. In: Proc. IEEE Infocom, pp. 1530–1539 (2002)Google Scholar
  2. 2.
    Ioannidis, J., Bellovin, S.M.: Implementing Pushback: Router-based Defense Against DDoS Attacks. In: Proc. NDSS 2002 (2002)Google Scholar
  3. 3.
    Gong, C., Sarac, K.: A More Practical Approach for Single-Packet IP Traceback Using Packet Logging and Marking. IEEE TPDS 19 (2008)Google Scholar
  4. 4.
    Kuzmanovic, A., Knightly, E.W.: Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies. IEEE/ACM Transactions on Networking (2001)Google Scholar
  5. 5.
  6. 6.
    Sun, H., Zhaung, Y., Chao, H.J.: A Principal Components Analysis-based Robust DDoS Defense System. In: ICCC (2008)Google Scholar
  7. 7.
    Shon, T., Kim, Y., Lee, C., et al.: A Machine Learning Framework for Network Anomaly Detection using SVM and GA. In: The 6th Annual IEEE SMC (2005)Google Scholar
  8. 8.
    BBC News: New ’cyber attacks’ hit S Korea (July 09, 2009) Google Scholar
  9. 9.
    Waldvogel, M., Varghese, G., Turner, J.: Scalable High Speed IP Routing Lookups (1997), dl.acm.org
  10. 10.
    Broder, A., Mitzenmacher, M.: Using multiple hash functions to improve IP lookups. In: IEEE INFOCOM (2001)Google Scholar
  11. 11.
    Litwin, W.: Linear Hashing: A New Tool For File and Table Addressing. IEEE (1980)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • PyungKoo Park
    • 1
  • SeongMin Yoo
    • 2
  • Su-il Choi
    • 3
  • Jaehyung Park
    • 3
  • Ho Yong Ryu
    • 1
  • JaeCheol Ryou
    • 2
  1. 1.Next Generation Network Research LaboratoryETRIDaejonKorea
  2. 2.Dept. of Computer EngineeringChungnam National UniversityDaejonKorea
  3. 3.School of Electronics and Computer EngineeringChonnam National UniversityGwangjuKorea

Personalised recommendations