• DocumentCode
    2654272
  • Title

    Optimal Placement of Detection Nodes against Distributed Denial of Service Attack

  • Author

    Islam, Muhammad Hasan ; Nadeem, Kamran ; Khan, Shoab A.

  • Author_Institution
    Center for Adv. Studies in Eng., Islamabad
  • fYear
    2009
  • fDate
    22-24 Jan. 2009
  • Firstpage
    675
  • Lastpage
    679
  • Abstract
    Distributed denial of service (DDoS) attacks have become a major threat to organizations and especially to Internet and intranet. In DDoS attacks targets are overwhelmed by sending an enormous amount of traffic from a number of attack sites. The major tasks of any defense system are to detect these attacks accurately and early on, before it causes an unrecoverable loss. Most of the research in this regard has been focused on the detection techniques without exploiting spatial placement of detection system in a network. The ideal way to completely eliminate the DDoS threat is to run detection mechanism on every node in the network, which is not a practical solution. In this paper, we focus on the optimized placement of detection nodes in a network for distributed detection of DDoS attacks, which not only minimize the number of these node required but also reduce the cost, processing overheads and larger delays in identifying an attack. We examine the placement problem of finding a minimum cardinality set of nodes to detect DDoS attacks such that no attack traffic can reach the target without being monitored by these sensors. The placement problem is formulated as set packing.
  • Keywords
    Internet; security of data; telecommunication traffic; Internet; detection nodes; distributed denial of service attack; minimum cardinality set; optimal placement; run detection mechanism; Communication system traffic control; Computer crime; Computer networks; Condition monitoring; Costs; Distributed computing; Floods; Network topology; Optimal control; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Computer Control, 2009. ICACC '09. International Conference on
  • Conference_Location
    Singapore
  • Print_ISBN
    978-1-4244-3330-8
  • Type

    conf

  • DOI
    10.1109/ICACC.2009.114
  • Filename
    4777428