DDoS flooding attacks are one of the biggest concerns for security professionals: they are explicit attempts to disrupt legitimate users' access to services. Developing a comprehensive defense against such attacks requires a thorough understanding of the problem and of the techniques used thus far to prevent, detect, and respond to them.

In this thesis, we approach the problem of DDoS flooding attacks from four directions:

(1) We study the origin of these attacks, their variations, and the existing defense mechanisms against them. Our literature review yields a list of key features required of the next generation of DDoS flooding defense mechanisms; the most important of these is that defenses must become more distributed in the near future.

(2) In such distributed systems, success in detecting DDoS flooding attacks early depends heavily on the quality and quantity of the traffic flows covered by the traffic monitoring mechanism in use. This motivates us to study and understand the challenges faced by existing traffic monitoring mechanisms.

(3) We propose DiCoTraM, a novel distributed, coordinated, network-wide traffic monitoring approach that addresses the key challenges of current traffic monitoring mechanisms. DiCoTraM enhances flow coverage to enable effective, early detection of DDoS flooding attacks. We compare and evaluate DiCoTraM against various other traffic monitoring mechanisms in terms of total flow coverage and DDoS flooding attack flow coverage.

(4) We evaluate the effectiveness of DiCoTraM against cSamp, an existing traffic monitoring mechanism that outperforms most other traffic monitoring mechanisms, with regard to supporting early detection of DDoS flooding attacks (i.e., in the intermediate network) by running two existing DDoS flooding detection mechanisms over each of them. We then compare the detection rates and false positive rates achieved when the selected detection mechanisms are run over DiCoTraM and over cSamp.

The results show that DiCoTraM outperforms the other traffic monitoring mechanisms in terms of DDoS flooding attack flow coverage.
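The two evaluation metrics named above, flow coverage and detection rate/false positive rate of a detector run over the monitored flows, illustrated with an added Python example that is not part of the thesis and reproduces neither DiCoTraM's nor cSamp's actual algorithm. It contrasts uncoordinated per-router monitoring (each router fills its own flow table independently) with a coordinated assignment in which every flow is recorded by at most one router on its path, on a constructed four-router topology with assumed per-router record budgets and constructed traffic (30 legitimate flows to five servers, 40 flooding flows to one victim), then runs a simple per-destination flow-count flood detector over what each mechanism captured. The ingress-first assignment rule, the budgets, the addresses and the detector threshold are all assumptions.

```python
"""Flow coverage of uncoordinated vs. coordinated network-wide monitoring, and the
effect on a per-destination flow-count flood detector run over the monitored flows.
Constructed example: topology, budgets, traffic and detector are assumptions."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    path: tuple   # routers traversed, ingress to egress
    attack: bool  # ground-truth label, used only by the evaluation


def build_flows():
    """Constructed traffic: two ingress routers (R1, R2) feed a shared core path R3 -> R4.
    30 legitimate flows go to five servers; 40 flooding flows all target one victim."""
    flows = []
    for i in range(30):
        path = ("R1", "R3", "R4") if i % 2 == 0 else ("R2", "R3", "R4")
        flows.append(Flow(f"192.0.2.{i}", f"198.51.100.{i % 5}", path, False))
    for i in range(40):
        path = ("R1", "R3", "R4") if i % 3 == 0 else ("R2", "R3", "R4")
        flows.append(Flow(f"203.0.113.{i}", "10.0.0.5", path, True))
    return flows


# Assumed per-router flow-record budget (flow-table or export capacity).
BUDGET = {"R1": 10, "R2": 10, "R3": 15, "R4": 15}


def uncoordinated_monitoring(flows, budget):
    """Each router fills its own flow table in arrival order, unaware of the others.
    Flows on the shared core are recorded twice (R3 and R4) and crowd out later flows."""
    records = {r: [] for r in budget}
    for f in flows:
        for r in f.path:
            if len(records[r]) < budget[r]:
                records[r].append(f)
    return records


def coordinated_monitoring(flows, budget):
    """Network-wide assignment: each flow is recorded by at most one router on its path,
    the one nearest the ingress (closest to the sources) that still has budget."""
    records = {r: [] for r in budget}
    for f in flows:
        for r in f.path:
            if len(records[r]) < budget[r]:
                records[r].append(f)
                break
    return records


def coverage(records, flows):
    """(total flow coverage, attack flow coverage) as fractions of distinct flows covered."""
    covered = {f for recs in records.values() for f in recs}
    attack = [f for f in flows if f.attack]
    return (len(covered) / len(flows),
            sum(1 for f in attack if f in covered) / len(attack))


def flood_detector(records, threshold):
    """A destination seen as the target of more than `threshold` distinct monitored flows
    is flagged as under a flooding attack (assumed detector, chosen for simplicity)."""
    covered = {f for recs in records.values() for f in recs}
    per_dst = Counter(f.dst for f in covered)
    return {dst for dst, n in per_dst.items() if n > threshold}


def detection_quality(alerts, flows):
    """(detection rate, false positive rate) over destinations, from ground-truth labels."""
    attacked = {f.dst for f in flows if f.attack}
    benign = {f.dst for f in flows if not f.attack} - attacked
    return len(alerts & attacked) / len(attacked), len(alerts & benign) / len(benign)


def compare(threshold=10):
    """Per mechanism: (total coverage, attack coverage, detection rate, false positive rate)."""
    flows = build_flows()
    out = {}
    for name, mech in (("uncoordinated", uncoordinated_monitoring),
                       ("coordinated", coordinated_monitoring)):
        records = mech(flows, BUDGET)
        alerts = flood_detector(records, threshold)
        out[name] = coverage(records, flows) + detection_quality(alerts, flows)
    return out


if __name__ == "__main__":
    for name, (cov, att_cov, dr, fpr) in compare().items():
        print(f"{name:14s} total coverage {cov:.2f}  attack coverage {att_cov:.2f}  "
              f"detection rate {dr:.2f}  false positive rate {fpr:.2f}")
```

With the same total budget of 50 records, the uncoordinated routers duplicate each other on the core path and end up covering only the 20 earliest legitimate flows, so the flood to 10.0.0.5 is invisible to the detector; the coordinated assignment spends each record on a distinct flow, covers half of the attack flows, and the same detector then flags the victim with no false positives. The point carried over from the abstract is that the detector's quality is bounded by what the monitoring layer covers, not only by the detector itself.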