Title :
Network domain entrypoint/path determination for DDoS attacks
Author :
Thing, Vrizlynn L L ; Sloman, Morris ; Dulay, Naranker
Author_Institution :
Dept. of Comput., Imperial Coll. London, London
Abstract :
A method to determine entry points and paths of DDoS attack traffic flows into network domains is proposed. We determine valid source addresses seen by routers from sampled traffic under non-attack conditions. Under attack conditions, we detect route anomalies by determining which routers have been used for unknown source addresses to construct the attack paths. We show results from simulations to detect the routers carrying attack traffic in the victim´s network domain. Our approach is non-intrusive, not requiring any changes to the Internet routers and data packets. Precise information regarding the attack is not required allowing a wide variety of DDoS attack detection techniques to be used. The victim is also relieved from the traceback task during an attack. Our algorithm is simple and efficient, allowing for a fast traceback and the method is scalable due to the distribution of processing workload.
Keywords :
IP networks; Internet; telecommunication network routing; telecommunication security; telecommunication traffic; DDoS attacks; Internet routers; data packets; distributed denial of service; network domain entrypoint determination; network domain path determination; route anomalies; traffic flows; workload processing; Authentication; Backscatter; Computer crime; Computer networks; Educational institutions; Filtering; Internet; Payloads; Telecommunication traffic; Traffic control; Distributed Denial of Service; IP Traceback;
Conference_Titel :
Network Operations and Management Symposium, 2008. NOMS 2008. IEEE
Conference_Location :
Salvador, Bahia
Print_ISBN :
978-1-4244-2065-0
Electronic_ISBN :
1542-1201
DOI :
10.1109/NOMS.2008.4575117
