Abstract
We propose a distributed approach to detect distributed denial of service attacks by monitoring the increase of new IP addresses. Unlike previous proposals for bandwidth attack detection schemes which are based on monitoring the traffic volume, our scheme is very effective for highly distributed denial of service attacks. Our scheme exploits an inherent feature of DDoS attacks, which makes it hard for the attacker to counter this detection scheme by changing their attack signature. Our scheme uses a sequential nonparametric change point detection method to improve the detection accuracy without requiring a detailed model of normal and attack traffic. In a multi-agent scenario, we show that by sharing the distributed beliefs, we can improve the detection efficiency.
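As an added illustration (not code from the paper), the sketch below tracks the fraction of previously unseen source addresses per interval and applies a nonparametric CUSUM test to it. The choice of CUSUM, the `beta` and `threshold` values, the rule for when the baseline learns new addresses, and the sample trace built from documentation address ranges are all assumptions made for this example.

```python
from ipaddress import ip_address

class NewSourceCusum:
    """CUSUM over the per-interval fraction of previously unseen source IPs."""

    def __init__(self, known, beta=0.3, threshold=1.2):
        self.known = {ip_address(a) for a in known}  # baseline of seen sources
        self.beta = beta            # assumed bound on the normal new-IP fraction
        self.threshold = threshold  # assumed alarm level for the statistic
        self.y = 0.0                # cumulative evidence of a change

    def observe(self, sources):
        """Consume one interval; return (new_fraction, y, alarm)."""
        seen = {ip_address(s) for s in sources}
        new = seen - self.known
        frac = len(new) / len(seen) if seen else 0.0
        # Drift is negative in normal traffic, so y stays pinned at zero.
        self.y = max(0.0, self.y + frac - self.beta)
        if self.y == 0.0:
            self.known |= new       # learn only while the statistic is at rest
        return frac, self.y, self.y > self.threshold

def first_alarm(detector, intervals):
    """Index of the first interval that raises an alarm, or None."""
    for i, sources in enumerate(intervals):
        if detector.observe(sources)[2]:
            return i
    return None

def constructed_trace():
    """Constructed sample: 5 normal intervals, then 4 with many new sources."""
    known = [f"192.0.2.{i}" for i in range(1, 21)]
    normal = [known[:10] + [f"198.51.100.{t + 1}"] for t in range(5)]
    attack = [known[:10] + [f"203.0.113.{40 * t + k}" for k in range(1, 41)]
              for t in range(4)]
    return known, normal + attack

if __name__ == "__main__":
    known, trace = constructed_trace()
    print("first alarm at interval", first_alarm(NewSourceCusum(known), trace))
```

Because the statistic depends on the share of new addresses rather than on packet counts, a surge of traffic from already known sources leaves it at zero.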
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Peng, T., Leckie, C., Ramamohanarao, K. (2003). Detecting Distributed Denial of Service Attacks by Sharing Distributed Beliefs. In: Safavi-Naini, R., Seberry, J. (eds) Information Security and Privacy. ACISP 2003. Lecture Notes in Computer Science, vol 2727. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45067-X_19
DOI: https://doi.org/10.1007/3-540-45067-X_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40515-3
Online ISBN: 978-3-540-45067-2
eBook Packages: Springer Book Archive