Abstract
The Cooperative Intrusion Traceback and Response Architecture (CITRA) [1] and the Intruder Detection and Isolation Protocol (IDIP) [2] provide an infrastructure that enables intrusion detection systems, firewalls, routers, and other components to cooperatively trace and block network intrusions as close to their sources as possible. We present the results of recent testbed experiments using CITRA and IDIP to defend streaming multimedia sessions against the Stacheldraht DDoS toolkit. Experimental data suggests that these technologies represent a promising approach for autonomic DDoS defense.
This research was supported by DARPA/Rome Laboratory Contracts F30602-98-C-0012, F30602-99-C-0181, and F30602-97-C-0309. Distribution Statement “A”, Approved for Public Release - Distribution Unlimited.
References
1. D. Schnackenberg, H. Holliday, R. Smith, K. Djahandari, and D. Sterne, “Cooperative Intrusion Traceback and Response Architecture (CITRA),” Proceedings of the Second DARPA Information Survivability Conference and Exposition (DISCEX II), Anaheim, CA, June 2001.
2. D. Schnackenberg, K. Djahandari, and D. Sterne, “Infrastructure for Intrusion Detection and Response,” Proceedings of the DARPA Information Survivability Conference and Exposition, Hilton Head, SC, January 2000.
3. Arbor Networks - http://www.arbornetworks.com.
4. Recourse Technologies ManHunt product description - http://www.recourse.com/products/manhunt/features.html.
5. R. Stone, “CenterTrack: An IP Overlay Network for Tracking DoS Floods,” Proceedings of the 9th USENIX Security Symposium, Denver, CO, August 14-17, 2000.
6. “Protocol Definition-Intruder Detection and Isolation Protocol Concept, Dynamic Cooperating Boundary Controllers Interim Technical Report,” Boeing Document Number D658-10732-1, Boeing Defense & Space Group, Seattle, WA, January 1997 (ftp://ftp.tislabs.com/pub/IDIP/DCBC_Interim_Report.pdf).
7. CERT Advisory CA-2000-01 Denial-of-Service Developments, http://www.cert.org/advisories/CA-2000-01.html.
8. S. Ying, “IA0126 DDoS Automated Response Re-Run,” presentation given at DARPA Information Assurance Program Biweekly Meeting, September 29, 2000 (http://ests.bbn.com/dscgi/ds.py/Get/File-2392/ia0126_Brief.ppt or ftp://ftp.tislabs.com/pub/IDIP/Ying_briefing.ppt).
9. L. Sanchez, W. Milliken, A. Snoeren, F. Tchakountio, C. Jones, S. Kent, C. Partridge, and W. Strayer, “Hardware Support for a Hash-Based IP Traceback,” Proceedings of the Second DARPA Information Survivability Conference and Exposition (DISCEX II), Anaheim, CA, June 2001.
10. S. Floyd, S. Bellovin, J. Ioannidis, R. Mahajan, V. Paxson, and S. Shenker, “Aggregate-Based Congestion Control and Pushback,” ACIRI Annual Review, December 5, 2000 (http://www.aciri.org/floyd/talks/ACIRI-Dec00.pdf).
11. R. Mahajan and S. Floyd, “Controlling High-Bandwidth Flows at the Congested Router,” AT&T Center for Internet Research at ICSI (ACIRI), Preliminary Draft, November 20, 2000 (http://www.aciri.org/floyd/papers/red-pd.pdf).
12. R. Mahajan, S. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, “Controlling High Bandwidth Aggregates in the Network,” AT&T Center for Internet Research at ICSI (ACIRI), DRAFT, February 5, 2001 (http://www.research.att.com/smb/papers/DDOS-lacc.pdf).
13. Steven M. Bellovin, Editor, “ICMP Traceback Messages,” Internet Draft: draft-bellovin-itrace-00.txt, Mar. 2000.
14. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, “Practical Network Support for IP Traceback,” Proceedings of the 2000 ACM SIGCOMM Conference, August 2000.
15. Dawn X. Song and Adrian Perrig, “Advanced and Authenticated Marking Schemes for IP Traceback,” Report No. UCB/CSD-00-1107, Computer Science Division (EECS) University of California, Berkeley, California, June 2000.
16. H. Y. Chang, P. Chen, A. Hayatnagarkar, R. Narayan, P. Sheth, N. Vo, C. L. Wu, S. F. Wu, L. Zhang, X. Zhang, F. Gong, F. Jou, C. Sargor, and X. Wu, “Design and Implementation of A Real-Time Decentralized Source Identification System for Untrusted IP Packets,” Proceedings of the DARPA Information Survivability Conference & Exposition, January 2000.
17. Glenn Sager, “Security Fun with OCxmon and cflowd,” Presentation at the Internet-2 Measurement Working Group, November 1998 (http://www.caida.org/projects/ngi/content/security/1198/mt0009.htm).
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sterne, D. et al. (2001). Autonomic Response to Distributed Denial of Service Attacks. In: Lee, W., Mé, L., Wespi, A. (eds) Recent Advances in Intrusion Detection. RAID 2001. Lecture Notes in Computer Science, vol 2212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45474-8_9
DOI: https://doi.org/10.1007/3-540-45474-8_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42702-5
Online ISBN: 978-3-540-45474-8
eBook Packages: Springer Book Archive