Autonomic Response to Distributed Denial of Service Attacks

Sterne, D.; Djahandari, K.; Wilson, Brad; Babson, Bill; Schnackenberg, D.; Holliday, Harley; Reid, Travis

doi:10.1007/3-540-45474-8_9

Cited by 32 publications

(25 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Otherwise, the effects of the thread get added as local event 5 All other agents, with the exception of the controller agent that sends arbitrary XML files to a designated host and port, were not associated with the worm simulation project. 6 To clarify attack identifiers, suppose an experiment consisted of two worms.…”

Section: Host-based Agentmentioning

confidence: 99%

See 1 more Smart Citation

A Network-Based Response Framework and Implementation

Tylutki

Levitt

2009

Active and Programmable Networks

View full text Add to dashboard Cite

Abstract. As the number of network-based attacks increase, and system administrators become overwhelmed with Intrusion Detection System (IDS) alerts, systems that respond to these attacks are rapidly becoming a key area of research. Current response solutions are either localized to individual hosts, or focus on a refined set of possible attacks or resources, which emulate many features of low level IDS sensors.In this paper, we describe a modular network-based response framework that can incorporate existing response solutions and IDS sensors. This framework combines these components by uniting models that represent: events that affect the state of the system, the detection capabilities of sensors, the response capabilities of response agents, and the conditions that represent system policy. Linking these models provides a foundation for generating responses that can best satisfy policy, given the perceived system state and the capabilities of sensors and response agents.

show abstract

Section: Host-based Agentmentioning

confidence: 99%

“…If a high-level IDS predicts an attacker's goals or future targets, this information could be used to reconfigure these agents to better deceive the attacker. Other response agents, such as DDoS mitigation systems [4,5,6], can also be used and configured based on their requirements and expected performance.…”

Section: Introductionmentioning

confidence: 99%

A Network-Based Response Framework and Implementation

Tylutki

Levitt

2009

Active and Programmable Networks

View full text Add to dashboard Cite

show abstract

“…Therefore, if an active router detects an attack attempt it will send an active packet to the other edge active router to block the attacking packets. Unlike some other approaches [10,11,12,13,14], this architecture allows the network to work without relying on a central management server.…”

Section: The Active Router Architecturementioning

confidence: 99%

Active router approach to defeating denial-of-service attacks in networks

2007

View full text Add to dashboard Cite

“…It is not possible to adjust the attack detection so that exactly only legitimate traffic would get in. This fact has been recognized in existing DDoS toolkits which generate attack traffic looking very similar to legitimate traffic [5].…”

Section: Effectivenessmentioning

confidence: 95%

“…Sometimes evaluation is carried out under ideal conditions, where there are no false positives and no collateral damage, such as when studying rate-limiting in [5]. Three existing preventive defence mechanisms were compared in [6], and it was found out that they were originally evaluated according to restricted criteria, ignoring the risk of attacks that they cannot solve.…”

Section: Introductionmentioning

confidence: 99%

A Taxonomy of Criteria for Evaluating Defence Mechanisms against Flooding DoS Attacks

Mölsä¹

Ec2nd 2005

View full text Add to dashboard Cite

Abstract. This paper describes a set of criteria for evaluating defence mechanisms against flooding denial of service (DoS) attacks. Effectiveness and usefulness of a defence mechanism in mitigating a DoS attack depends on many issues which are presented here in the form of a taxonomy. The primary goal of this taxonomy is to help in getting a comprehensive view on both the strengths and weaknesses of a specific defence mechanism. A good defence mechanism should not disturb legitimate traffic when there is no attack, should mitigate the amount of attack traffic well enough, should increase the quality of service (QoS) available to legitimate traffic during an attack, and should use as little resources in this task as possible. In addition, any defence mechanism should be robust against changes in attack characteristics and intentional misuse.

show abstract

Autonomic Response to Distributed Denial of Service Attacks

Cited by 32 publications

References 1 publication

A Network-Based Response Framework and Implementation

A Network-Based Response Framework and Implementation

Active router approach to defeating denial-of-service attacks in networks

A Taxonomy of Criteria for Evaluating Defence Mechanisms against Flooding DoS Attacks

Contact Info

Product

Resources

About