Distributed Change-Point Detection of DDoS Attacks: Experimental Results on DETER Testbed
نویسندگان
چکیده
It is highly desired to detect the DDoS flooding attacks at an early stage in order to launch effective countermeasures timely. We have developed a distributed change-point detection scheme to detect flooding type DDoS attacks over multiple network domains. The approach is to monitor the spatiotemporal pattern of the attack traffic. We have simulated the new defense system on the DETER testbed. The new scheme is proven scalable to cover hundreds of ISP-controlled network domains. With 4 network domains working collaboratively, we achieved on the DETER testbed a 98% detection rate with less than 1% false alarms.
منابع مشابه
Distributed Change-Point Detection of DDoS Attacks over Multiple Network Domains
Distributed denial of services (DDoS) attacks post a major threat to Internet security. This paper proposes a distributed system to detect flooding DDoS attacks at the earliest possible time. At the launching stage of a DDoS attack, some changes in traffic fluctuation are detectable at the router or gateway level. We develop a distributed change-point (DCP) detection architecture using change a...
متن کاملAutomating DDoS Experimentation
While the DETER testbed provides a safe environment and basic tools for security experimentation, researchers face a significant challenge in assembling the testbed pieces and tools into realistic and complete experimental scenarios. In this paper, we describe our work on automating experimentation for distributed denial-ofservice attacks. We developed the following automation tools: (1) the Ex...
متن کاملClassification of UDP Traffic for DDoS Detection
UDP traffic has recently been used extensively in flooding-based distributed denial of service (DDoS) attacks, most notably by those launched by the Anonymous group. Despite extensive past research in the general area of DDoS detection/prevention, the industry still lacks effective tools to deal with DDoS attacks leveraging UDP traffic. This paper presents our investigation into the proportiona...
متن کاملNeural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملF-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کامل