Collaborative Defense Mechanism Using Statistical Detection Method against DDoS Attacks(<Special Section>New Challenge for Internet Technology and its Architecture)
スポンサーリンク
概要
- 論文の詳細を見る
Distributed Denial-of-Service attack (DDoS) is one of the most outstanding menaces on the Internet. A DDoS attack generally attempts to overwhelm the victim in order to deny their services to legitimate users. A number of approaches have been proposed for defending against DDoS attacks accurately in real time. However, existing schemes have limits in terms of detection accuracy and delay if the IDRS (Intrusion Detection and Response System) deployed only at a specific location detects and responds against attacks. As in this case, it is not able to catch the characteristic of the attack which is distributed in large-scale. Moreover, the existing detection schemes have vulnerabilities to intellectual DDoS attacks which are able to avoid its detection threshold or delay its detection time. This paper suggests the effective DDoS defense system which uses the collaborative scheme among distributed IDRSs located in the vicinity of the attack source or victim network. In proposed scheme, both victim and source-end IDRS work synergistically to identify the attack and avoid false alarm rate up to great extent. Additionally, we propose the duplicate detection window scheme to detect various attacks dynamics which increase the detection threshold gradually in early stage. The proposed scheme can effectively detect and respond against these diverse DDoS attack dynamics.
- 社団法人電子情報通信学会の論文
- 2007-10-01
著者
-
HONG Choong
Department of Computer Engineering, Kyung Hee University
-
Hong Choong
Department Of Computer Engineering Kyung Hee University
-
SONG ByungHak
Department of Computer Engineering, Kyung Hee University
-
HEO Joon
Department of Computer Engineering, Kyung Hee University
-
Song Byunghak
Department Of Computer Engineering Kyung Hee University
-
Heo Joon
Department Of Computer Engineering Kyung Hee University
関連論文
- フローサイトメータによるエチレングリコールモノエチルエーテルのラットの精子形成に対する影響評価
- Fair Scheduling and Throughput Maximization for IEEE 802.16 Mesh Mode Broadband Wireless Access Networks
- Multi-Constrained QoS Geographic Routing for Heterogeneous Traffic in Sensor Networks
- Congestion Avoidance and Fair Event Detection in Wireless Sensor Network(Ubiquitous Sensor Networks)
- IP-MAC : A Distributed MAC for Spatial Reuse in Wireless Networks
- A High Throughput On-Demand Routing Protocol for Multirate Ad Hoc Wireless Networks
- Implementing Signature Based IDS in IP-Based Sensor Networks with the Help of Signature-Codes
- TCP BaLDE for Improving TCP Performance over Heterogeneous Networks(Internet Technology VI)
- Efficient ID-Based Threshold Random Key Pre-Distribution Scheme for Wireless Sensor Networks
- A Security Enhanced Timestamp-Based Password Authentication Scheme Using Smart Cards(Application Information Security)
- Autonomous Traffic Engineering for Boosting Application Fidelity in Wireless Sensor Networks
- Collaborative Defense Mechanism Using Statistical Detection Method against DDoS Attacks(New Challenge for Internet Technology and its Architecture)
- An Energy^*Delay Efficient Multi-Hop Routing Scheme for Wireless Sensor Networks(Challenges in Ad-hoc and Multi-hop Wireless Communications)
- A Service Networking Architecture for the Scalable Management of Multi-Layer Networks (Special Issue on New Paradigms in Network Management)
- A Hybrid MAC Protocol for Cognitive Radio Ad Hoc Networks
- Fast Configuration for Mobile IPTV in IPv6 Networks
- A Hybrid MAC Protocol for Cognitive Radio Ad Hoc Networks
- Intelligent Handover Decision Using IEEE 802.21 in Mobile IPTV
- Cooperative Message Broadcasting in Multichannel Cognitive Radio Ad Hoc Networks
- RTSP-Based Adaptive Sending Control for IPTV Service in Heterogeneous Networks and Experimental Implementation