Open Access

D-ward: source-end defense against distributed denial-of-service attacks

TLDR
A source-end defense (implemented in the D-WARD system) can detect and prevent a significant number of DDoS attacks, does not incur significant cost for its operation, and offers good service to legitimate traffic during the attack.
Abstract
Distributed denial-of-service (DDoS) attacks are a grave and challenging problem. Perpetration requires little effort on the attacker's side, since a vast number of insecure machines provides fertile ground for attack zombies, and automated scripts for exploit and attack can easily be downloaded and deployed. On the other hand, prevention of the attack or the response and traceback of perpetrators is extremely difficult due to a large number of attacking machines, the use of source-address spoofing and the similarity between legitimate and attack traffic. Many defense systems have been designed in the research and commercial communities to counter DDoS attacks, yet the problem remains largely unsolved. This thesis explores the problem of DDoS defense from two directions: (1) it strives to understand the origin of the problem and all its variations, and provides a survey of existing solutions, and (2) it presents the design (and implementation) of a source-end DDoS defense system called D-WARD that prevents outgoing attacks from deploying networks. Source-end defense is not the complete solution to DDoS attacks, since networks that do not deploy the proposed defense can still perform successful attacks. However, this thesis shows that a source-end defense (implemented in the D-WARD system) can detect and prevent a significant number of DDoS attacks, does not incur significant cost for its operation, and offers good service to legitimate traffic during the attack. By performing successful differentiation between legitimate and attack traffic close to the source, source-end defense is one of the crucial building blocks of the complete DDoS solution and essential for promoting Internet security. The thesis also includes a description of two joint projects where D-WARD has been integrated into a distributed defense system, and extensively tested. In all of the experiments, the operation of the system significantly improved with the addition of D-WARD.
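As an added illustration (example code written for this page, not D-WARD's own code or algorithm), the following Python sketches the two mechanisms the abstract attributes to a source-end defense: an egress check that drops outgoing packets whose source address the deploying network does not own (the spoofing problem the abstract mentions), and per-destination profiling of outgoing traffic that rate-limits only the flows that look one-sided, so legitimate flows to other destinations keep full service. The local prefix, the thresholds, and the packet trace are constructed assumptions; the ratio heuristic is a simplified stand-in for whatever profiling a real system would use.

```python
"""Toy source-end DDoS defense: egress anti-spoofing plus per-destination
flow profiling with selective rate limiting.  Illustrative only."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the deploying (source) network owns exactly this prefix.
LOCAL_NET = ip_network("10.0.0.0/8")

# Assumed tuning knobs for this example, not values from the thesis.
MIN_OUT_PKTS = 20        # flows smaller than this are too small to judge
OUT_IN_RATIO_LIMIT = 3.0  # outbound/inbound packets above this looks one-sided
RATE_LIMIT_FRACTION = 0.1  # attack flows are cut to this fraction of their rate


def passes_egress_filter(pkt):
    """Outbound packets must carry a source address we actually own.
    Inbound packets are not subject to the spoofing check."""
    if pkt["dir"] == "out":
        return ip_address(pkt["src"]) in LOCAL_NET
    return True


def profile_flows(trace):
    """Aggregate, per external peer, how many packets we sent to it and how
    many it sent back.  Spoofed outbound packets never reach the profile."""
    flows = defaultdict(lambda: {"out": 0, "in": 0})
    for pkt in trace:
        if not passes_egress_filter(pkt):
            continue
        peer = pkt["dst"] if pkt["dir"] == "out" else pkt["src"]
        flows[peer][pkt["dir"]] += 1
    return flows


def classify(flows):
    """A two-way protocol such as TCP earns replies for what it sends.
    A flow that sends far more than it receives is flagged as an attack."""
    verdicts = {}
    for peer, c in flows.items():
        if c["out"] < MIN_OUT_PKTS:
            verdicts[peer] = "normal"
            continue
        ratio = c["out"] / max(c["in"], 1)
        verdicts[peer] = "attack" if ratio > OUT_IN_RATIO_LIMIT else "normal"
    return verdicts


def response(flows, verdicts):
    """Return per-peer packet budgets; only flagged flows are throttled,
    so legitimate traffic to other destinations is untouched."""
    limits = {}
    for peer, verdict in verdicts.items():
        if verdict == "attack":
            limits[peer] = max(1, int(flows[peer]["out"] * RATE_LIMIT_FRACTION))
    return limits


def _pkts(direction, src, dst, n):
    return [{"dir": direction, "src": src, "dst": dst} for _ in range(n)]


def build_trace():
    """Constructed sample trace (not captured data): one legitimate session,
    one flood from an internal host, and one flood using a spoofed source."""
    trace = []
    trace += _pkts("out", "10.1.1.5", "198.51.100.10", 30)   # legit request side
    trace += _pkts("in", "198.51.100.10", "10.1.1.5", 28)    # legit replies
    trace += _pkts("out", "10.2.3.4", "203.0.113.7", 500)    # flood, real source
    trace += _pkts("in", "203.0.113.7", "10.2.3.4", 2)       # victim barely answers
    trace += _pkts("out", "192.0.2.9", "203.0.113.8", 200)   # flood, spoofed source
    return trace


def run(trace):
    flows = profile_flows(trace)
    verdicts = classify(flows)
    return flows, verdicts, response(flows, verdicts)


if __name__ == "__main__":
    flows, verdicts, limits = run(build_trace())
    for peer in flows:
        print(peer, flows[peer], verdicts[peer], limits.get(peer, "unlimited"))
```

Running the script shows the legitimate session left alone, the internal flood cut to a tenth of its rate, and the spoofed flood never entering the profile at all because the egress check discards it first.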



Citations
Journal Article

A taxonomy of DDoS attack and DDoS defense mechanisms

TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Patent

System and method for distributed denial of service identification and prevention

TL;DR: In this article, an information layer agent consults a knowledge base comprising information associated with known attack patterns, including state-action mappings, to determine if events indicate attacks, perform clustering analysis to determine whether they represent known or unknown attack patterns and initiate appropriate responses to prevent and/or mitigate the attack.
Patent

Protecting against distributed network flood attacks

TL;DR: In this article, a network security device performs a three-stage analysis of traffic to identify malicious clients: an attack detection module monitors network connections to a protected network device and, during a second stage, once a parameter of those connections exceeds a connection threshold, monitors a plurality of transaction types across the network sessions.
Journal Article

D-WARD: a source-end defense against flooding denial-of-service attacks

TL;DR: D-WARD is proposed, a source-end DDoS defense system that achieves autonomous attack detection and surgically accurate response, thanks to its novel traffic profiling techniques, the adaptive response and the source-end deployment.
Patent

Detecting malicious network software agents

TL;DR: In this article, the authors describe techniques for determining whether a network session originates from an automated software agent such as a bot, using a bot detection module that calculates a plurality of scores over the network session data.
References
Journal Article

Random early detection gateways for congestion avoidance

TL;DR: RED (Random Early Detection) gateways are designed to accompany a transport-layer congestion control protocol such as TCP; they have no bias against bursty traffic and avoid the global synchronization of many connections decreasing their windows at the same time.
Journal Article

Congestion avoidance and control

TL;DR: The measurements and the reports of beta testers suggest that the final product is fairly good at dealing with congested conditions on the Internet, and an algorithm recently developed by Phil Karn of Bell Communications Research is described in a soon-to-be-published RFC.
Proceedings Article

Resilient overlay networks

TL;DR: It is found that forwarding packets via at most one intermediate RON node is sufficient to overcome faults and improve performance in most cases, demonstrating the benefits of moving some of the control over routing into the hands of end-systems.

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing

P. Ferguson et al.
TL;DR: A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
Journal Article

An integrated experimental environment for distributed systems and networks

TL;DR: The overall design and implementation of Netbed is presented and its ability to improve experimental automation and efficiency is demonstrated, leading to new methods of experimentation, including automated parameter-space studies within emulation and straightforward comparisons of simulated, emulated, and wide-area scenarios.