A Distributed Framework with less False Positive Ratio Against Distributed Denial of Service Attack
Titel:
A Distributed Framework with less False Positive Ratio Against Distributed Denial of Service Attack
Auteur:
S. Meenakshi S.K. Srivatsa
Verschenen in:
Information technology journal
Paginering:
Jaargang 6 (2007) nr. 8 pagina's 1139-1145
Jaar:
2007
Inhoud:
Distributed denial of service is a major threat to the availability of Internet services. The distributed, large scale nature of the Internet, makes DDoS attacks stealthy and difficult to counter. Defense against Distributed Denial-of-Service attacks is one of the hardest security problems on the Internet. Recently, these network attacks have been increasing. In order to cope with the increase, many ISP (Internet Service Provider) customers introduced IDSs (Intrusion Detection System). However, the IDSs cannot always detect the network attacks due to dropping the packets when DDoS packets are aggregated to the customer`s link. Attack packets can be identical to legitimate packets, since the attacker only needs volume, not content, to inflict damage. Furthermore, the volume of packets from individual sources can be low enough to escape notice by local administrators. Thus, a detection system based on single site will have either high positive or high negative rates. Therefore more effective countermeasures are required to counter the threat. This requirement has motivated us to propose a novel mechanism against DDoS attack. This study presents the design details of a distributed defense mechanism against DDoS attack. The DDoS attack cannot be addressed through isolated actions of defense nodes. The effectiveness of attack detection increases near the victim and the effectiveness of packet filtering increases near the attack source. So we choose the detection system in the intermediate location to get benefits in both ways. In our approach, the egress routers of the intermediate network coordinate with each other to provide the information necessary to detect and respond to the attack. In our distributed IDS system, there is a corresponding true positive ratio. In this Distributed frame work, the information and services are exchanged between systems through which they act together against the threat.
Uitgever:
Asian Network for Scientific Information, Pakistan (provided by DOAJ)
Tijdschrift beschrijving