
Detecting Distributed Denial of Service Attacks by Sharing Distributed Beliefs

  • Conference paper
  • In: Information Security and Privacy (ACISP 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2727)

Abstract

We propose a distributed approach to detect distributed denial of service attacks by monitoring the increase of new IP addresses. Unlike previous proposals for bandwidth attack detection schemes which are based on monitoring the traffic volume, our scheme is very effective for highly distributed denial of service attacks. Our scheme exploits an inherent feature of DDoS attacks, which makes it hard for the attacker to counter this detection scheme by changing their attack signature. Our scheme uses a sequential nonparametric change point detection method to improve the detection accuracy without requiring a detailed model of normal and attack traffic. In a multi-agent scenario, we show that by sharing the distributed beliefs, we can improve the detection efficiency.
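
The detection idea in the abstract, as an added example that is not code from the paper: the per-interval share of previously unseen source IPs is fed to a sequential change-point test. The choice of a nonparametric CUSUM, the drift and threshold values, and the sample addresses (documentation ranges) are assumptions made for this illustration.

```python
# Added example: constructed data, assumed parameters (drift, threshold).

def new_ip_fraction(sources, known):
    """Fraction of distinct source IPs in one interval that are not in `known`."""
    distinct = set(sources)
    return len(distinct - known) / len(distinct) if distinct else 0.0

def cusum_alarm(xs, drift, threshold):
    """Nonparametric CUSUM: y_n = max(0, y_{n-1} + x_n - drift).
    Returns the index of the first interval with y_n > threshold, else None."""
    y = 0.0
    for n, x in enumerate(xs):
        y = max(0.0, y + x - drift)
        if y > threshold:
            return n
    return None

# Constructed sample: addresses come from documentation ranges (RFC 5737).
KNOWN = {f"192.0.2.{i}" for i in range(1, 101)}   # sources seen in the past

def constructed_trace():
    """Six normal intervals (40 sources, 2 new), then four attack intervals
    (44 sources, 24 new): volume rises 10%, new-IP share goes from 5% to ~55%."""
    trace = []
    for i in range(6):
        regular = [f"192.0.2.{j}" for j in range(1, 39)]
        fresh = [f"198.51.100.{2 * i + k}" for k in (1, 2)]
        trace.append(regular + fresh)
    for i in range(4):
        regular = [f"192.0.2.{j}" for j in range(1, 21)]
        bots = [f"203.0.113.{24 * i + k}" for k in range(1, 25)]
        trace.append(regular + bots)
    return trace

def detect(trace, known=KNOWN, drift=0.2, threshold=0.5):
    """Return the per-interval new-IP fractions and the alarm index (or None)."""
    fractions = [new_ip_fraction(s, known) for s in trace]
    return fractions, cusum_alarm(fractions, drift, threshold)

if __name__ == "__main__":
    fractions, alarm = detect(constructed_trace())
    print([round(f, 2) for f in fractions], "alarm at interval", alarm)
```

The known-address set is deliberately not updated inside the detection loop, so addresses first seen during a suspected attack are not learned as legitimate.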



Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Peng, T., Leckie, C., Ramamohanarao, K. (2003). Detecting Distributed Denial of Service Attacks by Sharing Distributed Beliefs. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_19

  • DOI: https://doi.org/10.1007/3-540-45067-X_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40515-3

  • Online ISBN: 978-3-540-45067-2

  • eBook Packages: Springer Book Archive
