Rui GUO, Hao YIN, Dongqi WANG, Bencheng ZHANG
.
DOI: 10.4236/ijcns.2009.27067   PDF    HTML     6,449 Downloads   11,476 Views   Citations

Abstract

Distributed Denial-of-Service (DDoS) attacks against public web servers are increasingly common. Countering DDoS attacks are becoming ever more challenging with the vast resources and techniques increasingly available to attackers. It is impossible for the victim servers to work on the individual level of on-going traffic flows. In this paper, we establish IP Flow which is used to select proper features for DDoS detection. The IP flow statistics is used to allocate the weights for traffic routing by routers. Our system protects servers from DDoS attacks without strong client authentication or allowing an attacker with partial connectivity information to repeatedly disrupt communications. The new algorithm is thus proposed to get efficiently maximum throughput by the traffic filtering, and its feasibility and validity have been verified in a real network circumstance. The experiment shows that it is with high average detection and with low false alarm and miss alarm. Moreover, it can optimize the network traffic simultaneously with defending against DDoS attacks, thus eliminating efficiently the global burst of traffic arising from normal traffic.

Keywords

DDoS Attack, Genetic Algorithm, IP Flow Statistics

Share and Cite:

Conflicts of Interest

The authors declare no conflicts of interest.

References

[1]	J. Mirkovic, S. Dietrich, D. Dittrich, and P. Reiher, “Internet denial of service: Attack and defense mecha-nisms,” Prentice Hall PTR, 2004.
[2]	V. A. Siris and F. Papagalou, “Application of anomaly detection algorithms for detecting SYN flooding attacks In: Regency H, ed,” Global Telecommunications Conf. (GLOBECOM’04). Dallas: IEEE, pp. 2050–2054, 2004.
[3]	W. Li, L. F. Wu, and G. Y. Hu, “Design and implementa-tion of distributed intrusion detection system NetNumen,” Journal of Software, pp. 1723–1728, 2002.
[4]	M. Sung and J. Xu, “IP traceback-based intelligent packet filtering: A novel technique for defending against Internet DDoS attacks,” IEEE Trans. on Parallel and Distributed Systems, pp. 861–872, 2003.
[5]	A. Chandra and P. Shenoy, “Effectiveness of dynamic resource allocation for handling Internet,” University of Massachussets, 2003.
[6]	F. Liang and D. Yau, “Using adaptive router throttles against distributed denial-of-service attacks,” Journal of Software, pp. 1120–1127, 2002.
[7]	A. B. Kulkarni, S. F. Bush, and S. C. Evans, “Detecting distributed denial-of-service attacks using kolmogorov complexity metrics,” General Electric Research and De-velopment Center, December 2001.
[8]	J. Mirkovic, “D-WARD: Source-end defense against distributed denial-of-service attacks,” PhD thesis, Univer-sity of California, Los Angeles, pp. 310–321, August 2003.
[9]	C. Jin, H. Wang, and K. G. Shin, “Hop-count filtering: An effective defense against spoofed DDoS traffic,” Pro-ceedings of the 10th ACM Conference on Computer and Communication Security, ACM Press, pp. 30–41, Octo-ber, 2003.
[10]	Y. Chen, K. Hwang, and Y. K. Kwok, “Filtering of shrew DDoS attacks in frequency domain,” lcn, pp. 786–793, The IEEE Conference on Local Computer Networks 30th Anniversary (LCN’05), Jan. 2005.
[11]	C. Sangpachatanaruk, S. M. Khattab, T. Znati, R. Mel-hem, and D. Mosse’, “A simulation study of the proactive server roaming for mitigating denial of service attacks,” Proceedings of the 36th Annual Simulation Symposium (ANSS’03), pp. 1430–1441, March 2003.
[12]	Bell Labs. Bell Labs Internet Traffic Research. http:// stat.bell-labs.com/InternetTraffic/index.html.
[13]	ICSI Center for Internet Research Traffic Generators for Internet Traffic. http://www.icir.org/models/trafficgenerat ors.html.