Security Technologies of SINET

  • Hongke Zhang
  • Wei Su
  • Wei Quan
Chapter

Abstract

In this chapter, we introduce three security enhancement solutions in SINET. First, related work on Internet security is summarized. Then, we propose an Anomaly Detection Response Mechanism (ADRM) based on mapping requests, which features pre-alarming, detection efficiency and traffic control. Next, we present a scalable and efficient identifier-separating mapping mechanism, which is used to efficiently detect DDoS attacks and prevent DDoS attackers from controlling the botnets.

Keywords

Anomaly Detection, Mapping Delay, Internet Protocol Address, Border Gateway Protocol, Change Point Detection
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. National Engineering Laboratory for Next Generation Internet Technologies, School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing, China
