Safeguard Information Infrastructure Against DDoS Attacks: Experiments and Modeling

  • Yang Xiang
  • Wanlei Zhou
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3810)


Nowadays Distributed Denial of Service (DDoS) attacks have made one of the most serious threats to the information infrastructure. In this paper we firstly present a new filtering approach, Mark-Aided Distributed Filtering (MADF), which is to find the network anomalies by using a back-propagation neural network, deploy the defense system at distributed routers, identify and filtering the attack packets before they can reach the victim; and secondly propose an analytical model for the interactions between DDoS attack party and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. According to the experimental results, we find that MADF can detect and filter DDoS attack packets with high sensitivity and accuracy, thus provide high legitimate traffic throughput and low attack traffic throughput. Through the comparison between experiments and numerical results, we also demonstrate the validity of the analytical model that can precisely estimate the effectiveness of a DDoS defense system before it encounters different attacks.


Attack Rate Strength Function Random Early Detection Network Anomaly Attack Packet 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ferguson, P., Senie, D.: Rfc 2267 - network ingress filtering: Defeating denial of service attacks which employ ip source address spoofing. Technical report, Network Working Group (1998)Google Scholar
  2. 2.
    Aljifri, H.: Ip traceback: A new denial-of-service deterrent? IEEE Security & Privacy 1, 24–31 (2003)CrossRefGoogle Scholar
  3. 3.
    Floyd, S., Jacobson, V.: Random early detection gateways for congestion avoidance. IEEE/ACM Transactions on Networking 1, 397–413 (1993)CrossRefGoogle Scholar
  4. 4.
    Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Network support for ip traceback. ACM/IEEE Transactions on Networking 9, 226–237 (2001)CrossRefGoogle Scholar
  5. 5.
    Belenky, A., Ansari, N.: Ip traceback with deterministic packet marking. IEEE Communications Letters 7, 162–164 (2003)CrossRefGoogle Scholar
  6. 6.
    Xiang, Y., Zhou, W., Rough, J.: Trace ip packets by flexible deterministic packet marking (fdpm). In: IEEE International Workshop on IP Operations & Management, IPOM 2004 (2004)Google Scholar
  7. 7.
    Mller, B., Reinhardt, J., Strickland, M.: Neural Networks: An Introduction, 2nd edn. Springer, Heidelberg (1995)Google Scholar
  8. 8.
    Haykin, S.: Neural Networks: A Comprehensive Foundation, 2nd edn. Prentice-Hall, Englewood Cliffs (1998)Google Scholar
  9. 9.
    Bernardo, J.M., Smith, A.F.M.: Bayesian Theory. John Wiley and Sons, England (1994)zbMATHCrossRefGoogle Scholar
  10. 10.
    Mukkamala, S., Sung, A.H.: Detecting denial of service attacks using support vector machines. In: The IEEE International Conference on Fuzzy Systems, pp. 1231–1236 (2003)Google Scholar
  11. 11.
    SSFNet: Scalable simulation framework,
  12. 12.
    Chen, R.C., Shi, W., Zhou, W.: Simulation of distributed denial of service attacks. Technical report, School of Information Technology, Deakin University, Australia (2004)Google Scholar
  13. 13.
    Skitter: Skitter project, cooperative association for internet data analysis (caida),
  14. 14.
    Yaar, A., Perrig, A., Song, D.: Pi: A path identification mechanism to defend against ddos attacks. In: 2003 IEEE Symposium on Security and Privacy, pp. 93–107 (2003)Google Scholar
  15. 15.
    Sung, M., Xu, J.: Ip traceback-based intelligent packet filtering: A novel technique for defending against internet ddos attacks. IEEE Transactions on Parallel and Distributed Systems 14, 861–872 (2003)CrossRefGoogle Scholar
  16. 16.
    Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security 5, 438–457 (2002)CrossRefGoogle Scholar
  17. 17.
    Lanchester, F.W.: Mathematics in warfare. The World of Mathematics 4, 2138–2157 (1956)Google Scholar
  18. 18.
    Gil, T.M., Poletto, M.: Multops: a data-structure for bandwidth attack detection. In: 10th Usenix Security Symposium, pp. 23–38 (2001)Google Scholar
  19. 19.
    Pollak, M.: Optimal detection of a change in distribution. Ann. Statist. 13, 206–227 (1986)CrossRefMathSciNetGoogle Scholar
  20. 20.
    Wang, H., Zhang, D., Shin, K.G.: Change-point monitoring for the detection of dos attacks. IEEE Transactions on Dependable and Secure Computing 1, 193–208 (2004)CrossRefGoogle Scholar
  21. 21.
    Jin, S., Yeung, D.S.: A covariance analysis model for ddos attack detection. In: IEEE International Conference on Communications (ICC 2004), vol. 4, pp. 1882–1886 (2004)Google Scholar
  22. 22.
    Allen, W.H., Marin, G.A.: The loss technique for detecting new denial of service attacks. In: IEEE SoutheastCon 2004, pp. 302–309 (2004)Google Scholar
  23. 23.
    Park, K., Lee, H.: On the effectiveness of route-based packet filtering for distributed dos attack prevention in power-law internet. In: ACM SIGCOMM 2001, pp. 15–26 (2001)Google Scholar
  24. 24.
    Jin, C., Wang, H., Shin, K.G.: Hop-count filtering: An effective defense against spoofed ddos traffic. In: 10th ACM Conference on Computer and Communication Security (CCS 2003), pp. 30–41 (2003)Google Scholar
  25. 25.
    Hu, Y.H., Choi, H., Choi, H.A.: Packet filtering for congestion control under dos attacks. In: 2nd IEEE International Information Assurance Workshop (IWIA 2004), pp. 3–18 (2004)Google Scholar
  26. 26.
    Mahajan, R., Bellovin, S.M., Floyd, S.: Controlling high bandwidth aggregates in the network. Computer Communications Review 32, 62–73 (2002)CrossRefGoogle Scholar
  27. 27.
    Kong, J., Mirza, M., Shu, J., Yoedhana, C., Gerla, M., Lu, S.: Random flow network modeling and simulations for ddos attack mitigation. In: IEEE International Conference on Communications (ICC 2003), vol. 1, pp. 487–491 (2003)Google Scholar
  28. 28.
    Blackert, W.J., Gregg, D.M., Castner, A.K., Kyle, E.M., Hom, R.L., Jokerst, R.M.: Analyzing interaction between distributed denial of service attacks and mitigation technologies. In: DARPA Information Survivability Conference and Exposition, DISCEX 2003 (2003)Google Scholar
  29. 29.
    Maconachy, W.V., Schou, C.D., Ragsdale, D., Welch, D.: A model for information assurance: An integrated approach. In: The 2001 IEEE Workshop on Information Assurance and Security (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Yang Xiang
    • 1
  • Wanlei Zhou
    • 1
  1. 1.School of Information TechnologyDeakin UniversityAustralia

Personalised recommendations