DiCoDefense: Distributed Collaborative Defense against DDoS Flooding attacks
نویسندگان
چکیده
Detecting Distributed Denial of Service (DDoS) flooding attacks as soon as possible before they affect the victims, identifying the sources of the attacks, and finally stopping them by blocking or rate limiting the attack traffic is the ultimate goal of current defense mechanisms. The success in detecting and responding to DDoS flooding attacks is highly dependent on the data monitored by the employed traffic monitoring mechanisms, the degree of collaboration among various domains, and the response approach employed in various domains. In this poster, we present DiCoDefense, which is a distributed collaborative defense mechanism whose main goal is to detect and respond to high volume DDoS flooding attacks closer to the sources of the attacks.
منابع مشابه
A Defense Framework for Flooding-based DDoS Attacks
Distributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large amount of malicious traffic. Existing networklevel congestion control mechanisms are inadequate in preventing service quality from deteriorating because of these attacks. Although a number of technique...
متن کاملA Firegroup Mechanism to Provide Intrusion Detection and Prevention System Against DDos Attack in Collaborative Clustered Networks
Distributed Denial of Service (DDOS) attacks are the major concern for security in the collaborative networks. Although non DDOS attacks are also make the network performances poor, the effect of DDOS attacks is severe. In DDOS attacks, flooding of the particular node as victim and jam it with massive traffic happens and the complete network performance is affected. In this paper, a novel Intru...
متن کاملA survey of DDoS Service Attacks in Collaborative Intrusion Detection System
A DDoS (Distributed Denial-of-Service) attack is a distributed large-scale attempt by malicious users to flood the victim network with an enormous number of packets. This exhausts the victim network of resources such as bandwidth, computing power, etc., the victim is unable to provide services to its legitimate clients and network performance is greatly deteriorated. There are many proposed met...
متن کاملGridSec: Trusted Grid Computing with Security Binding and Self-defense Against Network Worms and DDoS Attacks
The USC GridSec project develops distributed security infrastructure and self-defense capabilities to secure wide-area networked resource sites participating in a Grid application. We report new developments in trust modeling, security-binding methodology, and defense architecture against intrusions, worms, and flooding attacks. We propose a novel architectural design of Grid security infrastru...
متن کاملCollaborative Defense Mechanism Using Statistical Detection Method against DDoS Attacks
Distributed Denial-of-Service attack (DDoS) is one of the most outstanding menaces on the Internet. A DDoS attack generally attempts to overwhelm the victim in order to deny their services to legitimate users. A number of approaches have been proposed for defending against DDoS attacks accurately in real time. However, existing schemes have limits in terms of detection accuracy and delay if the...
متن کامل