A collaborative peer-to-peer architecture to defend against DDoS attacks

Author

Saad, Radwane ; Nait-Abdesselam, Farid ; Serhrouchni, Ahmed

Author_Institution

TELECOM ParisTech, Paris

fYear

2008

fDate

14-17 Oct. 2008

Firstpage

427

Lastpage

434

Abstract

Nowadays, we are witnessing an important increase in attacks among which distributed denial-of-service (DDoS) that easily flood the victims using multiple paths. Intrusion detection and filtering are necessary mechanisms to combat against these attacks and secure networks. However, the existing detection techniques for DDoS attacks have their entities work in isolation. In this paper, we propose an efficient and distributed collaborative architecture that allows the placement and the cooperation of the defense entities to better address the main security challenges. The use of content based DHT (distributed hash table) algorithm permits also to improve the scalability and the load balancing of the whole system. This modular architecture has been implemented on IDS (intrusion detection system) entities with the DHT Pastry protocol and has shown a promising performance.

Keywords

Internet; information filtering; peer-to-peer computing; protocols; security of data; DDoS attacks; DHT Pastry protocol; Internet; collaborative peer-to-peer architecture; distributed collaborative architecture; distributed denial-of-service; distributed hash table algorithm; filtering mechanisms; intrusion detection system; Collaboration; Collaborative work; Computer crime; Filtering; Floods; Intrusion detection; Load management; Peer to peer computing; Protocols; Scalability; DDoS Attacks; DHT; Intrusion Detection; P2P;

fLanguage

English

Publisher

ieee

Conference_Titel

Local Computer Networks, 2008. LCN 2008. 33rd IEEE Conference on

Conference_Location

Montreal, Que

Print_ISBN

978-1-4244-2412-2

Electronic_ISBN

978-1-4244-2413-9

Type

conf

DOI

10.1109/LCN.2008.4664200

Filename

4664200