GridSec: trusted grid computing with security binding and self-defense against network worms and DDoS attacks
Kai Hwang, Yu-Kwong Kwok, Shanshan Song, Min Cai, Yu Chen, Ying Chen, Runfang Zhou, Xiaosong Lou
- 22 May 2005
- Vol. 3516, pp 187-195
TL;DR: A novel architectural design of Grid security infrastructure, security binding for enhanced Grid efficiency, distributed collaborative IDS and alert correlation, DHT-based overlay networks for worm containment, and pushback of DDoS attacks are proposed.
Abstract: The USC GridSec project develops distributed security infrastructure and self-defense capabilities to secure wide-area networked resource sites participating in a Grid application. We report new developments in trust modeling, security-binding methodology, and defense architecture against intrusions, worms, and flooding attacks. We propose a novel architectural design of Grid security infrastructure, security binding for enhanced Grid efficiency, distributed collaborative IDS and alert correlation, DHT-based overlay networks for worm containment, and pushback of DDoS attacks. Specifically, we present a new pushback scheme for tracking attack-transit routers and for cutting malicious flows carrying DDoS attacks. We discuss challenging research issues to achieve secure Grid computing effectively in an open Internet environment.
Citations
PowerTrust: A Robust and Scalable Reputation System for Trusted Peer-to-Peer Computing
Runfang Zhou, Kai Hwang
TL;DR: A new fair scheduling technique, called OCGRR (output controlled grant-based round robin), for the support of DiffServ traffic in a core router, which reduces the intertransmission time from the same stream and achieves a smaller jitter and startup latency.
Trusted Grid Computing with Security Binding and Trust Integration
TL;DR: A new fuzzy-logic trust model for distributed trust aggregation through fuzzification and integration of security attributes is proposed, which is determined by site reputation from its track record and self-defense capability attributed to the risk conditions and hardware and software defenses deployed at a Grid site.
Collaborative Internet worm containment
Min Cai, Kai Hwang, Yu-Kwong Kwok, Shanshan Song, Yu Chen
- 01 May 2005
TL;DR: This research presents a probabilistic procedure that can be used to estimate the probability of a large-scale worm outbreak from a single distributed denial-of-service (DDoS) attack, and the procedure can be modified for smaller outbreaks.
Enhancing grid security using trusted virtualization
Hans Löhr, HariGovind V. Ramasamy, Ahmad-Reza Sadeghi, Stefan Schulz, Matthias Schunter, Christian Stüble
- 11 Jul 2007
TL;DR: This work proposes a scalable offline attestation protocol, which allows the selection of trustworthy partners in the grid with low overhead and increases the confidence that can be placed on the correctness of a grid computation and on the protection of user-provided assets.
Collaborative Change Detection of DDoS Attacks on Community and ISP Networks
TL;DR: Preliminary NS-2 simulation results on a single-domain ISP core network are reported to prove the effectiveness of the new collaborative CAT architecture for DDoS defense, with a detection rate as high as 95% with less than 1% of false positive alarms.
References
Chord: A scalable peer-to-peer lookup service for internet applications
Ion Stoica, Robert Morris, David R. Karger, M. Frans Kaashoek, Hari Balakrishnan
- 27 Aug 2001
TL;DR: Results from theoretical analysis, simulations, and experiments show that Chord is scalable, with communication cost and the state maintained by each node scaling logarithmically with the number of Chord nodes.
The Eigentrust algorithm for reputation management in P2P networks
Sepandar D. Kamvar, Mario T. Schlosser, Hector Garcia-Molina
- 20 May 2003
TL;DR: An algorithm to decrease the number of downloads of inauthentic files in a peer-to-peer file-sharing network, which assigns each peer a unique global trust value based on the peer's history of uploads, is described.
Autograph: toward automated, distributed worm signature detection
TL;DR: Autograph as mentioned in this paper is a system that automatically generates signatures for novel Internet worms that propagate using TCP transport, and it is designed to produce signatures that exhibit high sensitivity (high true positives) and high specificity (low false positives).
Loglog Counting of Large Cardinalities
Marianne Durand, Philippe Flajolet
- 16 Sep 2003
TL;DR: The LogLog algorithm makes use of m "small bytes" of auxiliary memory in order to estimate in a single pass the number of distinct elements (the "cardinality") in a file, and it does so with an accuracy that is of the order of 1/√m.