A Framework for a Collaborative DDoS Defense

Author

Oikonomou, George ; Mirkovic, Jelena ; Reiher, Peter ; Robinson, Max

Author_Institution

Delaware Univ., Newark, DE

fYear

2006

fDate

Dec. 2006

Firstpage

33

Lastpage

42

Abstract

Increasing use of the Internet for critical services makes flooding distributed denial-of-service (DDoS) a top security threat. A distributed nature of DDoS suggests that a distributed mechanism is necessary for a successful defense. Three main DDoS defense functionalities - attack detection, rate limiting and traffic differentiation - are most effective when performed at the victim-end, core and source-end respectively. Many existing systems are successful in one aspect of defense, but none offers a comprehensive solution and none has seen a wide deployment. We propose to harvest the strengths of existing defenses by organizing them into a collaborative overlay, called DefCOM, and augmenting them with communication and collaboration functionalities. Nodes collaborate during the attack to spread alerts and protect legitimate traffic, while rate limiting the attack. DefCOM can accommodate existing defenses, provide synergistic response to attacks and naturally lead to an Internet-wide response to DDoS threat

Keywords

Internet; security of data; DDoS threat; DefCOM; Internet; attack detection; collaborative DDoS defense; collaborative overlay; critical services; distributed denial-of-service; legitimate traffic protection; rate limiting; security threat; traffic differentiation; Collaboration; Collaborative work; Computer crime; Floods; Organizing; Protection; Prototypes; Security; Telecommunication traffic; Web and internet services;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 2006. ACSAC '06. 22nd Annual

Conference_Location

Miami Beach, FL

ISSN

1063-9527

Print_ISBN

0-7695-2716-7

Type

conf

DOI

10.1109/ACSAC.2006.5

Filename

4041152