Scispace (Formerly Typeset)
Showing papers on "Application layer DDoS attack" published in 2001
Proceedings Article•10.1145/383059.383061•
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Kihong Park1, Heejo Lee1•
Purdue University1
27 Aug 2001
TL;DR: This paper describes and evaluates route-based distributed packet filtering (DPF), a novel approach to distributed DoS (DDoS) attack prevention, and shows that DPF achieves proactiveness and scalability, and there is an intimate relationship between the effectiveness of DPF at mitigating DDoS attack and power-law network topology.
Abstract: Denial of service (DoS) attack on the Internet has become a pressing problem. In this paper, we describe and evaluate route-based distributed packet filtering (DPF), a novel approach to distributed DoS (DDoS) attack prevention. We show that DPF achieves proactiveness and scalability, and we show that there is an intimate relationship between the effectiveness of DPF at mitigating DDoS attack and power-law network topology. The salient features of this work are two-fold. First, we show that DPF is able to proactively filter out a significant fraction of spoofed packet flows and prevent attack packets from reaching their targets in the first place. The IP flows that cannot be proactively curtailed are extremely sparse so that their origin can be localized---i.e., IP traceback---to within a small, constant number of candidate sites. We show that the two proactive and reactive performance effects can be achieved by implementing route-based filtering on less than 20% of Internet autonomous system (AS) sites. Second, we show that the two complementary performance measures are dependent on the properties of the underlying AS graph. In particular, we show that the power-law structure of Internet AS topology leads to connectivity properties which are crucial in facilitating the observed performance effects.

700 citations

Journal Article•10.1109/3468.935045•
On the defense of the distributed denial of service attacks: an on-off feedback control approach

Yong Xiong1, S. Liu, P. Sun•
Texas A&M University1
1 Jul 2001
TL;DR: A backward pressure propagation, feedback control scheme to defend DDoS attacks is presented, using a generic network model to analyze the dynamics of network traffic, and the algorithms for rate-based and queue-length-based feedback control are developed.
Abstract: Proposes a coordinated defense scheme of distributed denial of service (DDoS) network attacks, based on the backward-propagation, on-off control strategy. When a DDoS attack is in effect, a high concentration of malicious packet streams are routed to the victim in a short time, making it a hot spot. A similar problem has been observed in multiprocessor systems, where a hot spot is formed when a large number of processors access simultaneously shared variables in the same memory module. Despite the similar terminologies used here, solutions for multiprocessor hot spot problems cannot be applied to that in the Internet, because the hot traffic in DDoS may only represent a small fraction of the Internet traffic, and the attack strategies on the Internet are far more sophisticated than that in the multiprocessor systems. The performance impact on the hot spot is related to the total hot packet rate that can be tolerated by the victim. We present a backward pressure propagation, feedback control scheme to defend DDoS attacks. We use a generic network model to analyze the dynamics of network traffic, and develop the algorithms for rate-based and queue-length-based feedback control. We show a simple design to implement our control scheme on a practical switch queue architecture.

37 citations

Book Chapter•10.1007/3-540-45451-9_1•
AEGIS: An Active-Network-Powered Defense Mechanism against DDoS Attacks

Eric Y. Chen
02 Oct 2001 - Lecture Notes in Computer Science
TL;DR: This paper introduces a conceptual framework called Aegis, which is a defense mechanism against DDoS attacks that incorporates programmability into intermediate network nodes and allows end-users to customize the way network nodes handle data traffic.
Abstract: Distributed Denial of Service (DDoS) attacks are a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers and ISPs. Since their threat lies in the inherited weaknesses of the TCP/IP, an effective solution to DDoS attacks must be formulated in conjunction with a new networking paradigm, such as Active Networks. In this paper, we introduce a conceptual framework called Aegis, which we propose as a defense mechanism against DDoS attacks. The core-enabling technology of this framework is the Active Network, which incorporates programmability into intermediate network nodes and allows end-users to customize the way network nodes handle data traffic. By introducing Aegis, we also wish to demonstrate some of the new possibilities that the Active Networks can offer.

17 citations

Proceedings Article•10.1109/MILCOM.2001.985767•
Assessing and quantifying denial of service attacks

D. M. Gregg1, W. J. Blackert1, D. V. Heinbuch1, D. C. Furnanage1•
Johns Hopkins University1
28 Oct 2001
TL;DR: The analysis of one attack's effectiveness by varying the attack rate, server time out, and connection settings is described, to characterize attack effects and to ultimately derive mitigation techniques and indications and warnings.
Abstract: Denial of service (DoS) attacks come in a variety of types and can target groups of users, individual users, or entire computer systems. With the ever-increasing reliance on networked information systems for command and control of military systems - not to mention communications infrastructures - relatively simple attacks that degrade or deny service can have devastating effects. The critical importance of protection from DoS attacks is well recognized by the DoD and in fact, the USA National Computer Security Center defines INFOSEC to include "measures and controls to protect infrastructure against denial of service". There are basically three levels of DoS attacks, growing both in sophistication and seriousness of attack effects. The simplest attack exploits errors and bugs in the design and source code of a network operating system. The second level of attack exploits known artifacts of a particular system implementation or protocol, often due to limited storage or capacity, to introduce delay, to saturate a system, or otherwise limit accessibility. The third and most damaging level of attack uses very specific features of the network protocol to mount the attack. These attacks are specifically designed to look like normal usage. We have modeled and validated five different DoS attacks. We have executed these attack models against a validated model of a target network whose architecture and stochastic behavior is varied for analysis purposes. We are currently conducting a systems analysis using these models and are looking across the protocol stack and target network for attack effects. This paper describes the analysis of one attack's effectiveness by varying the attack rate, server time out, and connection settings. Output from our model includes probability of denied service, delay and outage time, and correlations under attack and no attack conditions. Our objective is to characterize attack effects and to ultimately derive mitigation techniques and indications and warnings.

16 citations

Router-based detection of DoS and DDoS attacks

Constantinos Kotsokalis1, Demetrios Kalogeras1, B. Maglaris1•
National Technical University of Athens1
1 Jan 2001
TL;DR: This paper discusses an algorithm to protect from a specific kind of network-based attacks called Denial of Service and Distributed Denial of Service attacks, based on data provided from Cisco routers running the NetFlow accounting software.
Abstract: Computer intrusion and attack detection has always been a significant issue in networked environments. In most cases, there are two levels in which an intrusion may take place, namely the system level and the network level. This paper discusses an algorithm to protect from a specific kind of network-based attacks called Denial of Service and Distributed Denial of Service attacks, based on data provided from Cisco [1] routers running the NetFlow [2] accounting software.

7 citations

Engineering Issues for an Adaptive Defense Network

Alan T. Piszcz, Nicholas M. Orlans, Zachary Eyler-Walker, David Moore
1 Jun 2001
TL;DR: A severe threat, DDoS, and potential techniques for an adaptive, automatic defense that would take place in seconds and represent the first level of defense until network operations or the system administrator can respond are examined.
Abstract: Engineering Issues for an Adaptive Defense Network (ADN) examines the ability of network systems to change behavior dynamically to sustain service in response to attacks. To focus the research problem, Distributed Denial of Service (DDoS) attacks were used as the threat. The primary issue was the capability to detect and defend against DDoS. Experimentation was performed with a packet filtering firewall, a network Quality of Service manager, multiple DDoS tools, and traffic generation tools. Related efforts, recommendations, and experiments are covered in this paper. Adapting to network events in degraded environments is a challenge for applications, services, and systems where conditions are known. As network conditions change due to cyber attacks carried out by e-mail viruses, application viruses, and denial of service attacks, there is typically instantaneous network confusion. Network operator reaction and control of these events can take hours to days for determination and resolution. This effort examines a severe threat, DDoS, and potential techniques for an adaptive, automatic defense that would take place in seconds and represent the first level of defense until network operations or the system administrator can respond. The asymmetric nature of the DDoS threat allows an individual with minimal resources to disrupt or deny network service to critical information infrastructures. Adaptive defense of networks requires automated response to current and future threats. This effort utilized DDoS threats to motivate adaptive defense behavior and experimentation. To provide guidance with respect to DDoS, recommendations were developed by information security organizations. The recommendations presented here protect the packet producers versus the victim, however, they are applicable to all sites and should be implemented.

5 citations

Proceedings Article•10.1109/ICII.2001.983832•
The diagnosis of DDoS attack and a novel approach to optimizing control

Zhao Wen-Wang, Qin Shi-Yin
29 Oct 2001
TL;DR: This paper focuses on the diagnosis of DDoS and provides an effective countermeasure based on control theory that can guarantee the stability of the network and counteract the DDoS attack effectively.
Abstract: With the rapid development of the Internet, network security is a concern for more and more people. DDoS (Distributed Denial of Service) attack, one of the most serious hacking methods, is causing more and more economical loss. This paper focuses on the diagnosis of DDoS and provides an effective countermeasure based on control theory. From the angle of control theory, this novel control strategy can guarantee the stability of the network and counteract the DDoS attack effectively. The paper addresses the equity of this control algorithm.

3 citations
