Detection of DDoS and IDS Evasion Attacks in a High-Speed Networks Environment
作者: Yong-Hee Jeon , Sang-Kil Park , Jin-Tae Oh , Jong-Soo Jang
DOI:
关键词:
摘要: Summary BcN(Broadband convergence Networks) is being deployed in order to support a variety of network applications such as ECommerce, DMB(Digital Multimedia Broadcasting), Home Network, VoIP(Voice over IP), and other services. As bandwidth growing rapidly services are converged, the opportunity severity intrusions well. This paper presents novel Intrusion Detection System (IDS) architecture named ‘Security Gateway (SGS)’ designed perform intrusion detection prevention on highspeed links. Among several features system, we focus DDoS(Distributed Denial Service) IDS evasion attacks. We implemented both mechanisms for handling consuming attack engine against FPGA(Field Programmable Gate Array). present some experimental results gigabit test bed. The show that real-time attacks possible with 2 gigabits throughput each security board.
ijcsns.org 参考文章(7)
Pars Mutaf, Defending against a Denial-of-Service Attack on TCP. recent advances in intrusion detection. ,(1999)
Timothy N. Newsham, Thomas H. Ptacek, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection ,(1998)
Geoff Huston, Paul Ferguson, Quality of Service: Delivering QoS on the Internet and in Corporate Networks ,(1998)
Werner Almesberger, Linux Network Traffic Control -- Implementation Overview 5th Annual Linux Expo. pp. 153- 164 ,(1999)
H. Jonathan Chao, Xiaolei Guo, Quality of Service Control in High-Speed Networks ,(2001)
Geoff Huston, Internet Performance Survival Guide: QoS Strategies for Multiservice Networks ,(2000)
L. Garber, Denial-of-service attacks rip the internet IEEE Computer. ,vol. 33, pp. 12- 17 ,(2000) , 10.1109/MC.2000.839316