PERFORMANCE ANALYSIS OF AGENT BASED DISTRIBUTED DEFENSE MECHANISMS AGAINST DDOS ATTACKS
Keywords: DDoS attacks, DDoS defense, agent, network security, performance evaluation.
Abstract: The current internet infrastructure is susceptible to distributed denial of service (DDoS) attacks and has no built-in mechanism to defend against them. Research on these attacks and their defense is significant for the security and reliability of the internet. We have already proposed a collaborative agent-based distributed DDoS defense scheme which detects and prevents DDoS attacks within ISP (Internet Service Provider) boundaries. The actual task of defense is carried out by agents and coordinators in each ISP. The defense system works by inspecting incoming traffic on the edge router and identifying the occurrence of DDoS attacks. The agents implement an entropy-threshold based detection algorithm. The coordinators share attack-related information with neighboring ISPs in order to achieve distributed defense. The performance of the defense system is evaluated on the basis of some identified metrics. The effectiveness of the defense system is evaluated in the presence and absence of the defense system. The results indicate that the proposed defense system performs accurate attack detection with very few false positives and false negatives.
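The entropy-threshold idea the agents rely on can be sketched as follows. This is an added example, not code from the paper: the abstract gives no parameters, so the feature (source address), the 16-packet window, the normalization and the threshold `DELTA` are all assumptions, and the traffic is constructed.

```python
import math
from collections import Counter

def normalized_entropy(sources):
    """Shannon entropy of source addresses in one window, scaled to [0, 1]."""
    total = len(sources)
    if total < 2:
        return 0.0
    h = -sum((c / total) * math.log2(c / total)
             for c in Counter(sources).values())
    return h / math.log2(total)  # 1.0 when every packet has a distinct source

def learn_baseline(windows):
    """Mean normalized entropy over windows known to be attack-free."""
    return sum(normalized_entropy(w) for w in windows) / len(windows)

def detect(windows, baseline, delta):
    """Flag windows whose entropy deviates from baseline by more than delta."""
    results = []
    for w in windows:
        h = normalized_entropy(w)
        results.append((round(h, 3), abs(h - baseline) > delta))
    return results

def window(counts, prefix="192.0.2."):
    """Build a constructed window: counts[i] packets from host i."""
    return [f"{prefix}{i + 1}" for i, n in enumerate(counts) for _ in range(n)]

# Constructed sample traffic (documentation address ranges), 16 packets/window.
NORMAL = [window([4, 4, 4, 4]), window([5, 4, 4, 3])]
OBSERVED = [
    window([4, 4, 4, 4]),             # ordinary client mix
    window([1] * 16, "198.51.100."),  # spoofed flood: all sources distinct
    window([14, 1, 1]),               # few-source flood
]
DELTA = 0.2  # assumed threshold; would be tuned on real edge-router traffic

if __name__ == "__main__":
    base = learn_baseline(NORMAL)
    for h, alert in detect(OBSERVED, base, DELTA):
        print(f"entropy={h:.3f} alert={alert}")
```

A two-sided threshold is used here because a flood can push source entropy either up (many spoofed sources) or down (a few dominant sources) relative to the learned baseline.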
License: International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.