Inter-domain Security Management to Protect Legitimate User Access from DDoS Attacks

  • Sung Ki Kim
  • Byoung Joon Min
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3981)


In this paper, we propose a cooperative inter-domain security mana- gement to protect access of legitimate users from the DDoS attacks exploiting randomly spoofed source IP addresses. We assume that Internet is divided into multiple domains and there exists one or more domain security manager in each domain, which is responsible for identifying hosts within the domain. The security management cooperation is achieved in two steps. First, a domain security manager forwards information regarding identified suspicious attack flows to neighboring managers. Secondly, the domain security manager verifies the attack upon receiving return messages from the neighboring managers. The management method proposed in this paper is designed not only to prevent network resources from being exhausted by the attacks but also to increase the possibility that legitimate users can fairly access the target services. Through the experiment on a test-bed, the proposed method was verified to be able to maintain high detection accuracy and to enhance the normal packet survival rate.


Security Management Legitimate User Border Gateway Protocol Feedback Message Edge Router 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Baba, T., Matsuda, S.: Tracing Network Attacks to Their Sources. IEEE Internet Computing (March-April 2002)Google Scholar
  2. Belenky, A., Ansari, N.: On IP Traceback. IEEE Communications Magazine (July 2003)Google Scholar
  3. Faloutsos, M., Faloutsos, P., Faloutsos, C.: On power-law relationships of the internet topology. In: SIGCOMM, pp. 251–262 (1999)Google Scholar
  4. Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical Approaches to DDoS Attack Detection and Response. In: DISCEX (DARPA Information Survivability Conference and Exposition) (2003)Google Scholar
  5. Ioannidis, J., Bellovin, S.: Implementing Pushback: Router-Based Defense Against DDoS Attacks. In: Proceedings of the Network and Distributed System Security Symposium (February 2002)Google Scholar
  6. KICS of Korea Information Security Agency. Intercept and Analysis Technologies Against DDoS Attacks (September 2004)Google Scholar
  7. Lakhina, A., Crovella, M., Diot, C.: Characterization of Network-Wide Anomalies in Traffic Flows. In: IMC 2004 (October 2004)Google Scholar
  8. Mahajan, R., et al.: Controlling High Bandwidth Aggregates in the Network. ACM SIGCOMM Computer Communications Review, 32(3) (July 2002)Google Scholar
  9. Min, B.J., Kim, S.K., Choi, J.S.: Secure System Architecture Based on Dynamic Resource Reallocation. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 174–187. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. Peng, T., Leckie, C., Ramamohanarao, K.: Defending Against Distributed Denial of Services Attacks Using Selective Pushback. In: Proceedings of the 9th IEEE Int’l Conference on Telecommunications (June 2002)Google Scholar
  11. How to Get Rid of Denial of Service Attacks,
  12. Unicast Reverse Path Forwarding(uRPF) Enhancements for the ISP-ISP Edge,
  13. Configuring BGP to Block Denial-of-Service Attacks,
  14. Linux Advanced Routing and Traffic Control HOWTO,
  15. Spread Toolkit,

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sung Ki Kim
    • 1
  • Byoung Joon Min
    • 1
  1. 1.Dept. of Computer Science and EngineeringUniversity of IncheonIncheonRepublic of Korea

Personalised recommendations