More Web Proxy on the site http://driver.im/

article

Scalable multicast based filtering and tracing framework for defeating distributed DoS attacks

Authors:

Gustavo de VecianaAuthors Info & Claims

International Journal of Network Management, Volume 15, Issue 1

Pages 43 - 60

https://doi.org/10.1002/nem.543

Published: 01 January 2005 Publication History

Abstract

In this paper we present a distributed scalable framework to support on- demand filtering and tracing services for defeating distributed denial of service attacks. Our filtering mechanism is designed to quickly identify a set of boundary filter locations so that attack packets might be dropped as close as possible to their origin(s). We argue that precisely identifying the origins of an attack is not achievable when there is only a partial deployment of tracing nodes--as is likely to be the case in practice. Thus we present a tracing mechanism which can identify sets of candidate nodes containing attack origins. Both mechanisms leverage multicasting services to achieve scalable, responsive and robust operation, and operate with a partial and incremental deployment.Performance evaluations of proposed approaches on both real and synthetic topologies show that a small coverage of filtering and tracing components throughout a network can be effective at blocking and localizing attacks.

References

[1]

1. Computer Emergency Response Team, 'CERT advisory ca-2000-01 denial-of-service developments,' http://www.cert.org/advisories/CA-2000- 01.html.]]

[2]

2. Ferguson P, Senie D. Network ingress filtering: Defeating Denial of Service attacks which employ IP source address spoofing, RFC 2267, http://www.ietf.org/rfc, Jan. 1998.]]

Digital Library

[3]

3. Park K, Lee H. On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law Internets, in Proc. ACM SIGCOMM, 2001.]]

Digital Library

[4]

4. Cisco Corporation, Characterizing and tracing packet floods using Cisco routers, www.cisco. com/warp/public/707/22.pdf.]]

[5]

5. Wang H, Bose A, El-Gendy M, Shin KG. IP easy- pass: Edge resource access control, in Proc. IEEE Infocom, 2004.]]

[6]

6. Snoeren AC, Partridge C, Sanchez LA, Jones CE, Tchakountio F, Kent ST, Strayer WT. Hash-based IP traceback, in Proc. ACM SIGCOMM, 2001.]]

Digital Library

[7]

7. Sung M, Xu J. IP traceback-based intelligent packet filtering: A novel technique for defending against Internet DDoS attacks, in IEEE International Conference on Network Protocols, 2002.]]

Digital Library

[8]

8. IETF secure multicast group, http://www. securemulticast.org.]]

[9]

9. Canetti R, Garay J, Itkis G, Micciancio D, Naor M, Pinkas B. Multicast security: A taxonomy and efficient constructions, in Proc. IEEE Infocom, 1999.]]

[10]

10. Li J, Reiher P, Popek G. Resilient self-organizing overlay networks for security update delivery. IEEE Journal on Selected Areas in Communications 2004.]]

[11]

11. Savage S, Wetherall D, Karlin A, Anderson T. Practical network support for IP traceback, in Proc. ACM SIGCOMM, 2000.]]

Digital Library

[12]

12. Song DX, Perrig A. Advanced and authenticated marking schemes for IP traceback, in Proc. IEEE Infocom, 2001.]]

[13]

13. Skitter, http: //www.caida.org/tools/ measurement/skitter/.]]

[14]

14. Internet mapping, http://cm.bell-labs.com/ who/ches/map/dbs/index.html/, 1999.]]

[15]

15. Krishnan P, Raz D, Shavitt Y. The cache location problem, IEEE/ACM Transactions on Networking 2000; 8:]]

Digital Library

[16]

16. Zegura EW, Calvert KL, Bhattacharjee S. How to model an Internet, in Proc. IEEE Infocom, 1996.]]

[17]

17. Li B, Golin MJ, Ialiano GF, Deng X. On the optimal placement of web proxies in the Internet, in Proc. IEEE Infocom, 1999.]]

[18]

18. Mahajan R, Bellovin SM, Floyd S, Ioannidis J, Paxson V, Shenker S. Controlling high bandwidth aggregates in the network, in http://www. aciri.org/pushback/pushback-toCCR.ps, submitted to CCR, July 2001.]]

[19]

19. Sager G. Security fun with OCxmon and cflowd, in Internet 2 Working Group Meeting, Nov. 1998, http://www.caida.org/projects/NGI/content/ security/1198.]]

[20]

20. Stallings W, SNMP, SNMP v2, SNMP v3 and RMON 1 and 2(Third Edition), Addison-Wesley, Inc., 1999.]]

Digital Library

[21]

21. Deering SE. Multicast Routing in a Datagram Internetwork, PhD. thesis, Stanford University, 1991.]]

Digital Library

[22]

22. Ballardie T, Francis P, Crowcroft J, Core based trees(CBT): An architecture for scalable interdomain multicast routing, in Proc. ACM SIGCOMM, 1993.]]

Digital Library

[23]

23. Estrin D, Farinacci D, Helmy A, Thaler D, Deering S, Handley M, Jacobson V, Liu C, Sharma P, Wei L. Protocol Independent Multicast-Sparse Mode (PIM-SM): Protocol Specification, RFC 2362, http://www.ietf.org/rfc, June, 1998.]]

Digital Library

[24]

24. Thaler D, Estrin D, Meyer D. Border gateway multicast protocol (BGMP): Protocol specification, IETF draft, draft-ietf-bgmp-spec-01.txt, Mar. 2000.]]

[25]

25. Francis P. Yoid: Extending the Internet multicast architecture, in Tech. reports, ACIRI, http://www.aciri.org/yoid, 2000.]]

[26]

26. Chawathe Y. Scattercast: An architecture for Internet broadcast distribution as an infrastructure service, PhD. thesis, University of California, Berkeley, 2000.]]

Digital Library

[27]

27. Jannotti J, Gifford D, Johnson K, Kasshoek F, O'Toole J. Overcast: Reliable multicasting with an overlay network, in USENIX OSDI, 2000.]]

Digital Library

[28]

28. Chu Y, Rao S, Seshan S, Zhang H. Enabling conferencing applications on the Internet using an overlay multicast architecture, in Proc. ACM SIGCOMM, 2001.]]

Digital Library

[29]

29. Pendarakis D, Shi S, Verma D, Waldvogel M. ALMI: an application level multicast infrastructure, in 3rd USENIX Symposium on Internet Technologies and Systems (USITS), 2001.]]

Digital Library

[30]

30. Ratnasamy S, Francis P, Handley M, Karp R, Shenker S. A scalable content-addressable network, in Proc. ACM SIGCOMM, 2001.]]

Digital Library

[31]

31. Zhao B, Kubiatowicz J, Joseph A. Tapestry: An infrastructure for fault resilient wide-area location and routing, in Tech. Report. UCB//CSD-01-1141, U. C. Berkeley, 2001.]]

Digital Library

[32]

32. Ratnasamy S, Handley M, Karp R, Shenker S. Application-level multicast using content- addressable networks, in Proc. of Networked Group Communication (NGC), 2001.]]

Digital Library

[33]

33. Geng X, Whinston AB. Defeating distributed denial of service attacks, in IT Pro, July 2000.]]

Digital Library

[34]

34. Banga G, Druschel P, Mogul J, Resource containers: A new facility for resource management in server systems, in Proc. of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation, Feb. 1999.]]

Digital Library

[35]

35. Spatscheck O, Peterson L. Defending against denial of service attacks in Scout, in Proc. of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation, Feb. 1999.]]

Digital Library

[36]

36. Wang H, Zhang D, Shin KG. Detecting SYN flooding attacks, in Proc. IEEE Infocom, 2002.]]

[37]

37. Bellovin SM. ICMP traceback messages, IETF draft, draft-bellovin-itrace-05.txt, Mar. 2000.]]

[38]

38. Wu SF, Zhang L, Massey D, Mankin A. Intention- driven ICMP trace-back, IETF draft, draft-wu-itrace- 00.txt, Feb. 2001.]]

[39]

39. Park K, Lee H. On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, in Proc. IEEE Infocom, 2001.]]

[40]

40. Schnackenberg D, Djahandari K, Sterne D. Infrastructure for intrusion detection and response, in Proc. First DARPA Information Survivability Conference and Exposition, 2000.]]

[41]

41. Duffield NG, Grossglauser M. Trajectory sampling for direct traffic observation, IEEE/ACM Transactions on Networking, 2001; 9(4):280-292.]]

Digital Library

Cited By

Patil RDevane SShekhawat RGaur MElci AVaidya JMakarevich OPoet ROrgun MDhaka VBohra MSingh VBabenko LSheykhkanloo NRahnama B(2017)Unmasking of source identity, a step beyond in cyber forensicProceedings of the 10th International Conference on Security of Information and Networks10.1145/3136825.3136870(157-164)Online publication date: 13-Oct-2017
https://dl.acm.org/doi/10.1145/3136825.3136870
Singh KSingh PKumar K(2016)A systematic review of IP traceback schemes for denial of service attacksComputers and Security10.1016/j.cose.2015.06.00756:C(111-139)Online publication date: 1-Feb-2016
https://dl.acm.org/doi/10.1016/j.cose.2015.06.007
Wang CYu CLiang CYu KOuyang WHsu CChen YOnoe SGuizani MChen HSawahashi M(2006)Tracers placement for IP traceback against DDoS attacksProceedings of the 2006 international conference on Wireless communications and mobile computing10.1145/1143549.1143620(355-360)Online publication date: 3-Jul-2006
https://dl.acm.org/doi/10.1145/1143549.1143620

Index Terms

Scalable multicast based filtering and tracing framework for defeating distributed DoS attacks
1. Computer systems organization
  1. Architectures
    1. Parallel architectures
      1. Multiple instruction, multiple data
2. Information systems
  1. Information retrieval
    1. Retrieval tasks and goals
      1. Document filtering
      2. Information extraction

Recommendations

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework
2019 IEEE Global Communications Conference (GLOBECOM)
Software Defined Networking (SDN) enables flexible and scalable network control and management. However, it also introduces new vulnerabilities that can be exploited by attackers. In particular, low-rate and slow or stealthy Denial-of-Service (DoS) ...
TCP Ack storm DoS attacks

We present Ack-storm DoS attacks, a new family of DoS attacks exploiting a subtle design flaw in the core TCP specifications. The attacks can be launched by a very weak MitM attacker, which can only eavesdrop occasionally and spoof packets (a Weakling ...
Provider-based deterministic packet marking against distributed DoS attacks

One of the most serious security threats on the Internet are Distributed Denial of Service (DDoS) attacks, due to the significant service disruption they can create and the difficulty in preventing them. In this paper, we propose new deterministic ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image International Journal of Network Management

International Journal of Network Management Volume 15, Issue 1

January 2005

69 pages

EISSN:1099-1190

Issue’s Table of Contents

Publisher

John Wiley & Sons, Inc.

United States

Publication History

Published: 01 January 2005

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
253
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Patil RDevane SShekhawat RGaur MElci AVaidya JMakarevich OPoet ROrgun MDhaka VBohra MSingh VBabenko LSheykhkanloo NRahnama B(2017)Unmasking of source identity, a step beyond in cyber forensicProceedings of the 10th International Conference on Security of Information and Networks10.1145/3136825.3136870(157-164)Online publication date: 13-Oct-2017
https://dl.acm.org/doi/10.1145/3136825.3136870
Singh KSingh PKumar K(2016)A systematic review of IP traceback schemes for denial of service attacksComputers and Security10.1016/j.cose.2015.06.00756:C(111-139)Online publication date: 1-Feb-2016
https://dl.acm.org/doi/10.1016/j.cose.2015.06.007
Wang CYu CLiang CYu KOuyang WHsu CChen YOnoe SGuizani MChen HSawahashi M(2006)Tracers placement for IP traceback against DDoS attacksProceedings of the 2006 international conference on Wireless communications and mobile computing10.1145/1143549.1143620(355-360)Online publication date: 3-Jul-2006
https://dl.acm.org/doi/10.1145/1143549.1143620

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents