Title :
Investigation of pushback based detection and prevention of network bandwidth attacks
Author :
Wu, Ningning ; Zhang, Jing
Author_Institution :
Dept. of Inf. Sci., Arkansas Univ., Little Rock, AR, USA
Abstract :
The pushback approach has been applied to the detection and prevention of DDoS attacks by identifying the destination IP addresses in the packets dropped when congestion happens. The identified destination IP addresses are used to guide subsequent packet dropping at both the local router and upstream routers so that the total bandwidth can be controlled within a desired range. This paper investigates an application of the pushback approach to the detection and prevention of more general network bandwidth attacks, based on profiles of the destination port distribution instead of destination IP addresses. The new approach can be used to detect and prevent attacks such as Internet worms. The investigation applies the long trace dataset of NLANR - CESCA-I and an Internet Worm Propagation simulator to simulate the generation of profiles and the detection of the Internet CodeRed worm. The dataset statistics and simulation results demonstrate the effectiveness of the new approach in the detection and prevention of Internet worms.
Keywords :
Internet; bandwidth allocation; invasive software; packet switching; quality of service; telecommunication congestion control; telecommunication network routing; telecommunication security; IP address; Internet CodeRed worm; Internet Worm Propagation simulator; network bandwidth attack; packet dropping; pushback based detection; Aggregates; Bandwidth; Communication system control; Computer crime; Computer networks; Computer worms; IP networks; Internet; Network servers; Statistics;
Conference_Title :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
DOI :
10.1109/IAW.2004.1437847