Adaptive Resource Management Enabling Deception (ARMED)
作者: Partha Pal , Nathaniel Soule , Nate Lageman , Shane S. Clark , Marco Carvalho
关键词:
摘要: Distributed Denial of Service (DDoS) attacks routinely disrupt access to critical services. Mitigation these often relies on planned over-provisioning or elastic provisioning resources, and third-party monitoring, analysis, scrubbing network traffic. While volumetric which saturate a victim's are most common, non-volumetric, low slow, DDoS can achieve their goals without requiring high traffic volume by targeting vulnerable protocols protocol implementations. Non-volumetric attacks, unlike noisy counterparts, require more sophisticated detection mechanisms, typically have only post-facto targeted protocol/application mitigations. In this paper, we introduce our work under the Adaptive Resource Management Enabling Deception (ARMED) effort, is developing network-level approach automatically mitigate through deception-focused adaptive maneuvering. We describe concept, implementation, initial evaluation ARMED Network Actors (ANAs) that facilitate transparent interception, sensing, mounting responses adversary's decision process.
acm.org
sci-hub.se 参考文章(22)
Levent Ertöz, Aleksandar Lazarevic, Vipin Kumar, Jaideep Srivastava, Aysel Ozgur, A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. siam international conference on data mining. pp. 25- 36 ,(2003)
S. Kopparty, S.V. Krishnamurthy, M. Faloutsos, S.K. Tripathi, Split TCP for mobile ad hoc networks global communications conference. ,vol. 1, pp. 138- 142 ,(2002) , 10.1109/GLOCOM.2002.1188057
Xiapu Luo, Rocky K. C. Chang, On a New Class of Pulsing Denial-of-Service Attacks and the Defense. network and distributed system security symposium. ,(2005)
Haibin Sun, J.C.S. Lui, D.K.Y. Yau, Defending against low-rate TCP attacks: dynamic detection and protection international conference on network protocols. pp. 196- 205 ,(2004) , 10.1109/ICNP.2004.1348110
Yajuan Tang, Countermeasures on application level low-rate denial-of-service attack international conference on information and communication security. pp. 70- 80 ,(2012) , 10.1007/978-3-642-34129-8_7
William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, Dan Rubenstein, Using graphic turing tests to counter automated DDoS attacks against web servers computer and communications security. pp. 8- 19 ,(2003) , 10.1145/948109.948114
Ping Du, Akihiro Nakao, OverCourt: DDoS mitigation through credit-based traffic segregation and path migration Computer Communications. ,vol. 33, pp. 2164- 2175 ,(2010) , 10.1016/J.COMCOM.2010.09.009
R. Mathew, V. Katkar, Survey of low rate DoS attack detection mechanisms international conference & workshop on emerging trends in technology. pp. 955- 958 ,(2011) , 10.1145/1980022.1980227
Thomas C. Eskridge, Marco M. Carvalho, Evan Stoner, Troy Toggweiler, Adrian Granados, VINE: A Cyber Emulation Environment for MTD Experimentation Proceedings of the Second ACM Workshop on Moving Target Defense. pp. 43- 47 ,(2015) , 10.1145/2808475.2808486
Xiaowei Yang, David Wetherall, Thomas Anderson, A DoS-limiting network architecture acm special interest group on data communication. ,vol. 35, pp. 241- 252 ,(2005) , 10.1145/1080091.1080120