Title :
Detecting and Reacting against Distributed Denial of Service Attacks
Author :
Bouzida, Yacine ; Cuppens, Frédéric ; Gombault, Sylvain
Author_Institution :
Mitsubishi Electric ITE-TCL, 1, allée de Beaulieu CS 10806, 35708, Rennes, France. Bouzida@tcl.ite.mee.com
Abstract :
Distributed denial of service attacks (DDoS) are becoming a big threat to the Internet. Recently, some DDoS attacks have infected more than 100,000 vulnerable hosts over Internet within 10 minutes. Consequences of these attacks can be devastating toward many companies whose security policy against this kind of attacks relies only on reconfiguring firewalls. It is judicious to note that no computer network is immune from intrusions in general and distributed denial of service attacks in particular. Intrusion detection systems should be geographically distributed to detect distributed and cooperated attacks. In this paper, we use a cooperative approach, which uses the Intrusion Detection Message Exchange Format (IDMEF) defined by the IETF, that can detect coordinated attack scenarios through alert correlation of distributed IDSs. We present our experience in realizing this cooperative system and the different results obtained from its implementation in a real network.
Keywords :
Computer crime; Computer networks; Counting circuits; Floods; Information filtering; Information filters; Intrusion detection; Master-slave; Protocols; Web and internet services;
Conference_Titel :
Communications, 2006. ICC '06. IEEE International Conference on
Conference_Location :
Istanbul
Print_ISBN :
1-4244-0355-3
Electronic_ISBN :
8164-9547
DOI :
10.1109/ICC.2006.255128
