Traffic Engineering Based Attack Detection in Active Networks
作者: Jayashree Padmanabhan , K. S. Easwarakumar
DOI: 10.1007/978-3-540-92295-7_22
关键词: Traffic shaping 、 Generic cell rate algorithm 、 Network traffic control 、 Traffic generation model 、 Traffic analysis 、 Computer science 、 Denial-of-service attack 、 Computer network 、 Traffic policing 、 Traffic engineering
摘要: Distributed denial of service attacks are the serious candidates for traffic analysis next to performance evaluation. As these threats deplete network resources rapidly particularly link parameters, modeling provide a strong base analyzing attack characteristics. The solution domain uses active networks implementation, as it supports routers which can perform customized tasks on demand and ease deploying. paper presents model based packet attributes characterize detection response framework model. mechanism leaky buckets rate limit ranking using linear arithmetic. simulation results depicting passed through well legitimate dropped at routers, under different scenarios, found be comparable existing solutions with improved efficiency in time.
springer.com
sci-hub.st 参考文章(17)
Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao, Detecting distributed denial of service attacks by sharing distributed beliefs australasian conference on information security and privacy. ,vol. 2727, pp. 214- 225 ,(2003) , 10.1007/3-540-45067-X_19
Steven Michael Bellovin, John Ioannidis, Implementing Pushback : Router-Based Defense Against DDoS Attacks network and distributed system security symposium. ,(2002) , 10.7916/D8R78MXV
Li-Chiou Chen, Thomas A. Longstaff, Kathleen M. Carley, Characterization of defense mechanisms against distributed denial of service attacks Computers & Security. ,vol. 23, pp. 665- 678 ,(2004) , 10.1016/J.COSE.2004.06.008
Yang Wang, Chuang Lin, Quan-Lin Li, Yuguang Fang, A queueing analysis for the denial of service (DoS) attacks in computer networks Computer Networks. ,vol. 51, pp. 3564- 3573 ,(2007) , 10.1016/J.COMNET.2007.02.011
Ho-yu Lam, Chi-pan Li, Samuel Chanson, Dit-yan Yeung, A Coordinated Detection and Response Scheme for Distributed Denial-of-Service Attacks international conference on communications. ,vol. 5, pp. 2165- 2170 ,(2006) , 10.1109/ICC.2006.255091
J. Mirkovic, P. Reiher, D-WARD: a source-end defense against flooding denial-of-service attacks IEEE Transactions on Dependable and Secure Computing. ,vol. 2, pp. 216- 232 ,(2005) , 10.1109/TDSC.2005.35
George Oikonomou, Jelena Mirkovic, Peter Reiher, Max Robinson, A Framework for a Collaborative DDoS Defense annual computer security applications conference. pp. 33- 42 ,(2006) , 10.1109/ACSAC.2006.5
Yoohwan Kim, Wing Cheong Lau, Mooi Choo Chuah, H.J. Chao, PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks IEEE Transactions on Dependable and Secure Computing. ,vol. 3, pp. 141- 155 ,(2006) , 10.1109/TDSC.2006.25
Bharat B. Madan, Katerina Goševa-Popstojanova, Kalyanaraman Vaidyanathan, Kishor S. Trivedi, A method for modeling and quantifying the security attributes of intrusion tolerant systems dependable systems and networks. ,vol. 56, pp. 167- 186 ,(2004) , 10.1016/J.PEVA.2003.07.008
A. Yaar, A. Perrig, D. Song, Pi: a path identification mechanism to defend against DDoS attacks ieee symposium on security and privacy. pp. 93- 107 ,(2003) , 10.1109/SECPRI.2003.1199330