Abstract
In this paper, we propose a cooperative inter-domain security mana- gement to protect access of legitimate users from the DDoS attacks exploiting randomly spoofed source IP addresses. We assume that Internet is divided into multiple domains and there exists one or more domain security manager in each domain, which is responsible for identifying hosts within the domain. The security management cooperation is achieved in two steps. First, a domain security manager forwards information regarding identified suspicious attack flows to neighboring managers. Secondly, the domain security manager verifies the attack upon receiving return messages from the neighboring managers. The management method proposed in this paper is designed not only to prevent network resources from being exhausted by the attacks but also to increase the possibility that legitimate users can fairly access the target services. Through the experiment on a test-bed, the proposed method was verified to be able to maintain high detection accuracy and to enhance the normal packet survival rate.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Baba, T., Matsuda, S.: Tracing Network Attacks to Their Sources. IEEE Internet Computing (March-April 2002)
Belenky, A., Ansari, N.: On IP Traceback. IEEE Communications Magazine (July 2003)
Faloutsos, M., Faloutsos, P., Faloutsos, C.: On power-law relationships of the internet topology. In: SIGCOMM, pp. 251–262 (1999)
Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical Approaches to DDoS Attack Detection and Response. In: DISCEX (DARPA Information Survivability Conference and Exposition) (2003)
Ioannidis, J., Bellovin, S.: Implementing Pushback: Router-Based Defense Against DDoS Attacks. In: Proceedings of the Network and Distributed System Security Symposium (February 2002)
KICS of Korea Information Security Agency. Intercept and Analysis Technologies Against DDoS Attacks (September 2004)
Lakhina, A., Crovella, M., Diot, C.: Characterization of Network-Wide Anomalies in Traffic Flows. In: IMC 2004 (October 2004)
Mahajan, R., et al.: Controlling High Bandwidth Aggregates in the Network. ACM SIGCOMM Computer Communications Review, 32(3) (July 2002)
Min, B.J., Kim, S.K., Choi, J.S.: Secure System Architecture Based on Dynamic Resource Reallocation. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 174–187. Springer, Heidelberg (2004)
Peng, T., Leckie, C., Ramamohanarao, K.: Defending Against Distributed Denial of Services Attacks Using Selective Pushback. In: Proceedings of the 9th IEEE Int’l Conference on Telecommunications (June 2002)
How to Get Rid of Denial of Service Attacks, http://www.bgpexpert.com
Unicast Reverse Path Forwarding(uRPF) Enhancements for the ISP-ISP Edge, ftp://ft-eng.cisco.com/cons//isp/security/URPF-ISP.pdf
Configuring BGP to Block Denial-of-Service Attacks, http://www.water.springs.org/pub/id/draft-turk-bgp-dos-01.txt
Linux Advanced Routing and Traffic Control HOWTO, http://www.lartc.org/lartc.html
Spread Toolkit, http://www.spread.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, S.K., Min, B.J. (2006). Inter-domain Security Management to Protect Legitimate User Access from DDoS Attacks. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3981. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751588_91
Download citation
DOI: https://doi.org/10.1007/11751588_91
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34072-0
Online ISBN: 978-3-540-34074-4
eBook Packages: Computer ScienceComputer Science (R0)