CFP last date
20 May 2024
Call for Paper
June Edition
IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper
Know more
The week's pick
Responsive image
Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin
Random Articles
Reseach Article

Deployment of Distributed Defense against DDoS Attacks in ISP Domain

by Monika Sachdeva, Gurvinder Singh, Krishan Kumar
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 15 - Number 2
Year of Publication: 2011
Authors: Monika Sachdeva, Gurvinder Singh, Krishan Kumar
10.5120/1918-2561

Monika Sachdeva, Gurvinder Singh, Krishan Kumar . Deployment of Distributed Defense against DDoS Attacks in ISP Domain. International Journal of Computer Applications. 15, 2 ( February 2011), 25-31. DOI=10.5120/1918-2561

@article{ 10.5120/1918-2561,
author = { Monika Sachdeva, Gurvinder Singh, Krishan Kumar },
title = { Deployment of Distributed Defense against DDoS Attacks in ISP Domain },
journal = { International Journal of Computer Applications },
issue_date = { February 2011 },
volume = { 15 },
number = { 2 },
month = { February },
year = { 2011 },
issn = { 0975-8887 },
pages = { 25-31 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume15/number2/1918-2561/ },
doi = { 10.5120/1918-2561 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T20:03:08.926389+05:30
%A Monika Sachdeva
%A Gurvinder Singh
%A Krishan Kumar
%T Deployment of Distributed Defense against DDoS Attacks in ISP Domain
%J International Journal of Computer Applications
%@ 0975-8887
%V 15
%N 2
%P 25-31
%D 2011
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Distributed Denial of Service attacks pose a serious threat to the online applications like banking, trade, and e-commerce which are dependent on availability of Internet. Defending Internet from these attacks has become the need of the hour for sustainable development of any economy. Most of the research work in this area focuses on developing defense against these attacks without considering its practical deployment on the Internet. They evaluate the defense through simulation or experimenting in controlled environments. However a sincere thought is required to deploy these defense mechanisms in an incrementally acceptable way on the Internet. In this paper, the focus is on deployment aspect of defense system against DDoS attacks. The DDoS defense system in general is anatomized and need for distributed defense as compared to centralized defense has been highlighted. All possible defense locations on the Internet are critically analyzed for suitability of DDoS defense system deployment. A review of existing distributed defense schemes in terms of deployment is also carried out. Based on Internet structure, its working, and desired DDoS defense characteristics, ISP domain is chosen for deployment. However extending cooperation among ISPs and secure framework for communication among ISPs remain future concerns of our work.

References
  1. Mirkovic, j. and Reiher, P. “A Taxonomy of DDoS Attack and DDoS Defense Mechanisms,” ACM SIGCOMM Computer Communications Review, Volume 34, Issue 2, pp. 39-53, April, 2004
  2. McCumber, J. (1991). Information System Security: A Comprehensive Model. Proceedings of the 14th National Computer Security Conference. Baltimore. MD. USA.
  3. Kurose, J. and Ross, K. W. (2002). Computer Networking: A Top-Down Approach Featuring the Internet. pp 605-607. Second Edition, Addison Wesley.
  4. Neumann, P. G. (2000). Denial-of-Service Attacks. Communications of the ACM 43(4): 136. Xx
  5. CERT. [Online]. Available: http://www.cert.org/advisories/CA-2000-01.html
  6. Mirkovic, J. (2003). D-WARD: Source-End Defense Against Distributed Denial-of-service Attacks, Ph.D. Thesis, University of California, Los Angeles
  7. Kumar, K.(2007). Protection from Distributed Denial of Service (DDoS) Attacks in ISP Domain, Ph.D. Thesis, Indian Indian Institute of Technology, Roorkee, India
  8. Keromytis, A. D., Misra, V. and Rubenstein, D. (2004). SOS: An Architecture For Mitigating DDoS Attacks. IEEE Journal on Selected Areas in Communication, Vol. 22, No.1, pp. 176-188.
  9. Papadopoulos, C., Lindell, R., J. Mehringer, Hussain, A. and Govindan,R.(2003). CROSSACK: Coordinated Suppression of Simultaneous Attacks. Proceedings of DISCEX, pp. 2-13, 2003.
  10. Yang, X., Wetherall, D. and Anderson, T. (2005). A DoS-limiting network architecture. Proceedings of ACM SIGCOMM, pp. 241-252.
  11. Yau, D. K. Y., Lui, J. C. S., Liang, F. and Yam, Y. (2005).Defending against distributed denial of service attacks with Max-Min fair server-centric router throttles. IEEE Transactions on Networking, Vol. 13. No. 1, pp. 29-42.
  12. Oikonomou, G., Mirkovic, J., Reiher, P. and Robinson, M.(2006).A Framework for a Collaborative DDoS Defense. Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 33-42.
  13. Mahajan, R., Bellovin, S., Floyd, S., Paxson, V. and Shenker, S. (2002).Controlling high bandwidth aggregates in the network. ACM Computer Communications Review 32(3).
  14. .Canonico, R., Cotroneo, D., Peluso, L., Romano, S. P. and Ventre, G. (2001). Programming Routers to Improve Network Security. Proceedings of the OPENSIG 2001 Workshop Next Generation Network Programming.
  15. Haggerty, J., Shi, Q. and Merabti, M.(2005).Early Detection and Prevention of Denial-of-Service Attacks: A Novel Mechanism with Propagated Traced-Back Attack Blocking. IEEE Journal on Selected Areas in Communication. 23(10): 1994-2002
  16. Mirkovic, J., Robinson, M., Reiher, P. and Kuenning, G. "Alliance Formation for DDoS Defense," Proceedings of the New Security Paradigms Workshop, ACM SIGSAC, August 2003.
  17. Garg, A. and Reddy, A. L. N., “Mitigation of DoS attacks through QoS Regulation,” In Proceedings of IWQOS workshop, 2002
  18. Juels A. and Brainard, J., “Client puzzles: A cryptographic countermeasure against connection depletion attacks,” In Proceedings of the 1999 Networks and distributed system security symposium, pp. 134-149, March 1999.
  19. Lau, F, Rubin, S. H, Smith, M. H. and Trajkovic, L. “Distributed Denial of Service Attacks,” In IEEE International Conference on Systems, Man, and Cybernetics, pp. 2275-2280, October 2000.
  20. Spatscheck O. and Petersen, L. L., “Defending Against Denial of Service Attacks in Scout,” In Proceedings of the 3rd Symposium on Operating Systems Design and Implementation, pp. 59-72, February 1999.
  21. Zheng Y. L. and Leiwo, J., “A Method to Implement a Denial of Service Protection Base,” In Information Security and Privacy, volume 1270 of LNCS, pp. 90-101, 1997.
  22. Meadows, C., “A formal framework and evaluation method for network denial of service,” In Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp. 4-13, June 1999.
  23. Schuba, C., Krsul, I., Kuhn, M., Spafford, G.. Sundaram, A. and Zamboni, D. , “Analysis of a denial of service attack on TCP,” In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 208-223, May 1997.
  24. Leiwo, J., Nikander, P. and Aura, T., “Towards network denial of service resistant protocols,” In Proceedings of the 15th International Information Security Conference, pp. 301-310, August 2000.
  25. Aura, T., Nikander, P. and Leiwo, J.,”DOS-Resistant Authentication with Client Puzzles,” Lecture Notes in Computer Science, Vol. 2133/ 2001.
  26. McAfee. Personal Firewall. http://www.mcafee.com/myapps/firewall/ov_firewall.asp.
  27. Ferguson, P., Senie, D., “Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing,” RFC 2267, the Internet Engineering Task Force (IETF), 1998.
  28. Geng X. and Whinston, A. B., “Defeating Distributed Denial of Service attacks,” IEEE IT Professional, pp. 36–42, 2002.
  29. Snoeren, A. C., Partridge, C., Sanchez, L. A., Jones, C. E., Tchakountio, F.,. Kent, S. T and Strayer, W. T., “Hash-Based IP Traceback,” In Proceedings of ACM SIGCOMM 2001, pp. 3-14, August 2001.
  30. Dean, D., Franklin, M.and Stubblefield, A., “An Algebraic Approach to IP Traceback,” ACM Trans. Info. and Sys. Sec., vol. 5, pp. 119-137, 2002.
  31. Song D., and Perrig, A., “Advanced and Authenticated Marking Schemes for IP Traceback,” In IEEE INFOCOM, pp. 878-886, 2001.
  32. Bellovin, S., ICMP Traceback Messages, IETF draft, 2000 [online] Available at: http://www.research.att.com/smb/papers/draft-bellovin-itrace-00.txt.
  33. Savage, S., “Network Support for IP Traceback,” IEEE/ACM Trans. Net., Vol. 9, pp. 226-237, 2001.
  34. Bradley, K. A., Cheung, S., Puketza, N., Mukherjee, B.and Olsson, R. A., “Detecting disruptive routers: A distributed network monitoring approach”, in Proceedings of the 1998 IEEE Symposium on Security and Privacy, IEEE Press, New York, 1998, pp. 115-124.
  35. Fan, Y., Hassanein, H., and Martin, P., “Proactively defeating distributed denial of service attacks." in Canadian Conference on Electrical and Computer Engineering, 2003., vol. 2, May 2003, pp. 1047-1050
  36. Thomas, R., Mark, B., Johnson, T. and Croall, J., “NetBouncer: client-legitimacy based high-performance DDoS filltering," in Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1, April 2003, pp. 14-25.
  37. Kim, Y., Jo, J.-Y., Merat, F., Yang, M. and Jiang, Y., “ Mitigating distributed denial-of-service attack with deterministic bit marking, International Journal of Information Technology, vol. 11, no. 2, 2005, pp. 62-82.
  38. Shi, W., Xiang, Y., and Zhou, W. (2005). Distributed Defense Against Distributed Denial-of-Service Attacks. Proceedings of ICA3PP 2005, LNCS 3719, pp. 357-362
  39. loannidis, J. and Bellovin, S. M.(2002).Implementing Pushback: Router-Based Defense against DDoS Attacks. Proceedings. of Network and Distributed System Security Symposium, Catamaran Resort Hotel San Diego, California.
  40. Tupakula, U. K. and Varadharajan, V. (2003). A practical method to counteract denial of service attacks. Proceedings of the 26th Australasian Computer Science Conference, Volume 16, pp. 275-284.
  41. Tupakula, U. K. and Varadharajan, V. (2003).A controller agent model to counteract DoS attacks in multiple domains. Proceedings of Integrated Network Management, IFIP/IEEE Eighth International Symposium. pp.113-116, 2003
  42. Tupakula, U. K. and Varadharajan, V. (2004).Tracing DDoS Floods: An Automated Approach. Journal of Network and Systems Management 12: 111-135.
  43. MANAnet DDoS White Papers, available at http://www.cs3-inc.com/mananet.html
  44. Schnackenberg, D., Djahandari, K. and Sterne, D. (2000). Infrastructure for Intrusion Detection and Response. Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 3-11
  45. Sardana, A., Joshi, R. (2009). An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks. Computer Communications. 32(12): 1384-1399
  46. Robinson, M., Mirkovic, J., Schnaider, M., Michel, S and Reiher, P., “Challenges and principles of DDoS defense,” ACM SIGCOMM, 2003.
  47. Caesar M.and Rexford, J., “BGP routing policies in ISP networks,”
  48. Chen S.and Song, Q., “Perimeter-Based Defense against High Bandwidth DDoS Attacks,” IEEE Transactions on Parallel and Distributed Systems, Vol. 16, No. 6, pp. 526-537, June 2005Bowman, M., Debray, S. K., and Peterson, L. L. 1993. Reasoning about naming systems. .
Index Terms

Computer Science
Information Sciences

Keywords

DDoS Centralized defense Distributed Defense Deployment Detection Response

Powered by PhDFocusTM