Distributed Management Architecture for Cooperative Detection and Reaction to DDOS Attacks
Georgios Koutepas
Network Management and Optimal Design Laboratory
Electrical and Computer Engineering Department
National Technical University of Athens
Iroon Polytexneiou 9,
15780 Zografou,
Greece
Email: gkoutep_AT_netmode.ntua.gr
Fotis Stamatelopoulos
Network Management and Optimal Design Laboratory
Electrical and Computer Engineering Department
National Technical University of Athens
Iroon Polytexneiou 9,
15780 Zografou,
Greece
Email: fotis_AT_netmode.ntua.gr
Basil Maglaris
Network Management and Optimal Design Laboratory
Electrical and Computer Engineering Department
National Technical University of Athens
Iroon Polytexneiou 9,
15780 Zografou, Greece
Email: maglaris_AT_mail.ntua.gr
Abstract
We propose a cooperative intrusion detection framework focused on countering Distributed Denial of Service (DDoS) attacks through the introduction of a distributed overlay early-warning network. Our goal is to minimize the detection and reaction time and automate responses, while involving as many networks as possible along the attack path. The proposed approach relies on building a "community" of trusted partners that will cooperate by exchanging security information so that inclusion in the attack path is detected locally and without traceback procedures. The main building block is the Cooperative anti-DDoS Entity, a modular software system deployed in each participating network domain that supports secure message exchanges and local responses tailored to individual sites' policies. We discuss the operation and the implementation of a prototype, and we provide a survey of the methodologies against DDoS and compare our approach to related work.
Keywords: DDoS, Network security, distributed management, inter-domain, multicast, automated reaction
JNSM: Vol. 12, No. 1, 2004
NOTE: only abstract of paper available on-line; please contact your library or the authors for the full paper