COLLABORATIVE DETECTION AND FILTERING OF DDOS ATTACKS
IN ISP CORE NETWORKS
by
Yu Chen
A Dissertation Presented to the
FACULTY OF THE GRADUATE SCHOOL
UNIVERSITY OF SOUTHERN CALIFORNIA
In Partial Fulfillment of the
Requirements for the Degree
DOCTOR OF PHILOSOPHY
(ELECTRICAL ENGINEERING)
December 2006
Copyright 2006 Yu Chen
Object Description
| Title | Collaborative detection and filtering of DDoS attacks in ISP core networks |
| Author | Chen, Yu |
| Author email | cheny@usc.edu |
| Degree | Doctor of Philosophy |
| Document type | Dissertation |
| Degree program | Electrical Engineering (Computer Networks) |
| School | Viterbi School of Engineering |
| Date defended/completed | 2006-10-20 |
| Date submitted | 2006 |
| Restricted until | Unrestricted |
| Date published | 2006-11-15 |
| Advisor (committee chair) | Hwang, Kai |
| Advisor (committee member) | Krishnamachari, Bhaskar; Govindan, Ramesh |
| Abstract | Distributed denial of service (DDoS) attacks pose a major threat to the Internet. Although one promising solution should be a real distributed scheme covering a wide area, most reported solutions conform to the end-to-end paradigm and target end-node victims. Because these solutions could not detect anomalies occurring inside the intermediate network, they could not detect the DDoS attacks at an early stage. This dissertation explores the defense against DDoS attacks from an ISP perspective. A distributed scheme over multiple ISP domains is proposed, which relies on ISP network routers monitoring traffic fluctuations and sharing information with peers. To resolve the security policy conflicts, a new secure infrastructure protocol (SIP) is developed to establish trust between ISPs. SIP provides a secure platform supporting collaborative detection and responses to DDoS attacks. Distributed schemes are proposed to fight against both the brute-force flooding DDoS attacks and the stealthy low-rate TCP-targeted DDoS attacks. Having observed the directionality and aggregation characteristics in the spatiotemporal pattern of the flooding flows, a distributed change-point (DCP) detection architecture was developed using change aggregation trees (CAT). The DCP scheme detects traffic variances across network domains, and all CAT servers exchange alert information to make global detection decisions. After early detection, MAlicious Flow Identification and Cutoff (MAFIC) issues lightweight probes to flow sources to segregate malicious flows with minimized bilateral damage. A novel spectral template-matching approach is proposed to counter shrew DDoS attacks. Combining digital signal processing techniques and hypothesis testing, collaborative detection and filtering (CDF) detects and cuts off shrew attack flows embedded in legitimate TCP/UDP streams by spectral analysis. The performance of the distributed schemes is evaluated through intensive experiments on DETER testbeds and NS-2 simulators. Experiment results show a significant improvement was achieved by detecting anomalies crossing multiple ISP networks cooperatively. Information sharing among neighbor routers and SIP servers effectively increased detection rates while decreasing the number of false alarms. The experiments verified the effectiveness of DCP and CDF schemes and achieved encouraging results. |
| Keyword | network security; DDoS attacks; internet infrastructure security; computer networks |
| Language | English |
| Part of collection | University of Southern California dissertations and theses |
| Publisher (of the original version) | University of Southern California |
| Place of publication (of the original version) | Los Angeles, California |
| Publisher (of the digital version) | University of Southern California. Libraries |
| Type | texts |
| Legacy record ID | usctheses-m150 |
| Rights | Chen, Yu |
| Repository name | Libraries, University of Southern California |
| Repository address | Los Angeles, California |
| Repository email | http://www.usc.edu/isd/libraries/services/ask_a_librarian/email/ |
| Filename | etd-Chen-20061115 |
| Archival file | uscthesesreloadpub_Volume44/etd-Chen-20061115.pdf |

