Resistance is not futile: Detecting DDoS attacks without packet inspection

Arjun P. Athreya; Xiao Wang; Yu Seung Kim; Yuan Tian; Patrick Tague

doi:10.1007/978-3-319-05149-9_11

Resistance is not futile: Detecting DDoS attacks without packet inspection

Arjun P. Athreya, Xiao Wang, Yu Seung Kim, Yuan Tian, Patrick Tague

Molecular Pharmacology and Experimental Therapeutics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Packets in anonymous networks are fully protected. Therefore, traditional methods relying on packet header and higher layer information do not work to detect Distributed-Denial-of-Service (DDoS) attacks in anonymous networks. In this paper we propose to use observable statistics at routers that need no packet inspection to infer the presence of an attack. We propose packet resistance as a metric to detect the presence of attacks which reduce the availability of channel bandwidth for wireless routers in the core network. Our proposed detection framework is distributed, wherein each router in the network core monitors and reports its findings to an intermediate router. These intermediate routers form a hierarchical overlay to eventually reach a centralized attack monitoring center. The alarm messages are used to construct an attack path and determine the origin of the attack. We present simulation results to demonstrate the effectiveness of our proposed metric.

Original language	English (US)
Title of host publication	Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers
Publisher	Springer Verlag
Pages	174-188
Number of pages	15
ISBN (Print)	9783319051482
DOIs	https://doi.org/10.1007/978-3-319-05149-9_11
State	Published - 2014
Event	14th International Workshop on Information Security Applications, WISA 2013 - Jeju Island, Korea, Republic of Duration: Aug 19 2013 → Aug 21 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8267 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Workshop on Information Security Applications, WISA 2013
Country/Territory	Korea, Republic of
City	Jeju Island
Period	8/19/13 → 8/21/13

Keywords

Anonymous networks
DDoS
Intrusion detection

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-05149-9_11

Cite this

Athreya, A. P., Wang, X., Kim, Y. S., Tian, Y., & Tague, P. (2014). Resistance is not futile: Detecting DDoS attacks without packet inspection. In Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers (pp. 174-188). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8267 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-05149-9_11

Resistance is not futile: Detecting DDoS attacks without packet inspection. / Athreya, Arjun P.; Wang, Xiao; Kim, Yu Seung et al.
Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Springer Verlag, 2014. p. 174-188 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8267 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Athreya, AP, Wang, X, Kim, YS, Tian, Y & Tague, P 2014, Resistance is not futile: Detecting DDoS attacks without packet inspection. in Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8267 LNCS, Springer Verlag, pp. 174-188, 14th International Workshop on Information Security Applications, WISA 2013, Jeju Island, Korea, Republic of, 8/19/13. https://doi.org/10.1007/978-3-319-05149-9_11

Athreya AP, Wang X, Kim YS, Tian Y, Tague P. Resistance is not futile: Detecting DDoS attacks without packet inspection. In Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Springer Verlag. 2014. p. 174-188. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-05149-9_11

Athreya, Arjun P. ; Wang, Xiao ; Kim, Yu Seung et al. / Resistance is not futile : Detecting DDoS attacks without packet inspection. Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers. Springer Verlag, 2014. pp. 174-188 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{16e073729ca24ef9b9b4c2f197a7846b,

title = "Resistance is not futile: Detecting DDoS attacks without packet inspection",

abstract = "Packets in anonymous networks are fully protected. Therefore, traditional methods relying on packet header and higher layer information do not work to detect Distributed-Denial-of-Service (DDoS) attacks in anonymous networks. In this paper we propose to use observable statistics at routers that need no packet inspection to infer the presence of an attack. We propose packet resistance as a metric to detect the presence of attacks which reduce the availability of channel bandwidth for wireless routers in the core network. Our proposed detection framework is distributed, wherein each router in the network core monitors and reports its findings to an intermediate router. These intermediate routers form a hierarchical overlay to eventually reach a centralized attack monitoring center. The alarm messages are used to construct an attack path and determine the origin of the attack. We present simulation results to demonstrate the effectiveness of our proposed metric.",

keywords = "Anonymous networks, DDoS, Intrusion detection",

author = "Athreya, {Arjun P.} and Xiao Wang and Kim, {Yu Seung} and Yuan Tian and Patrick Tague",

note = "Funding Information: This research was supported through the Northrop Grumman Cybersecurity Research Consortium. The views and conclusions contained here are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either express or implied, of Northrop Grumman or Carnegie Mellon University.; 14th International Workshop on Information Security Applications, WISA 2013 ; Conference date: 19-08-2013 Through 21-08-2013",

year = "2014",

doi = "10.1007/978-3-319-05149-9_11",

language = "English (US)",

isbn = "9783319051482",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "174--188",

booktitle = "Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers",

}

TY - GEN

T1 - Resistance is not futile

T2 - 14th International Workshop on Information Security Applications, WISA 2013

AU - Athreya, Arjun P.

AU - Wang, Xiao

AU - Kim, Yu Seung

AU - Tian, Yuan

AU - Tague, Patrick

N1 - Funding Information: This research was supported through the Northrop Grumman Cybersecurity Research Consortium. The views and conclusions contained here are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either express or implied, of Northrop Grumman or Carnegie Mellon University.

PY - 2014

Y1 - 2014

N2 - Packets in anonymous networks are fully protected. Therefore, traditional methods relying on packet header and higher layer information do not work to detect Distributed-Denial-of-Service (DDoS) attacks in anonymous networks. In this paper we propose to use observable statistics at routers that need no packet inspection to infer the presence of an attack. We propose packet resistance as a metric to detect the presence of attacks which reduce the availability of channel bandwidth for wireless routers in the core network. Our proposed detection framework is distributed, wherein each router in the network core monitors and reports its findings to an intermediate router. These intermediate routers form a hierarchical overlay to eventually reach a centralized attack monitoring center. The alarm messages are used to construct an attack path and determine the origin of the attack. We present simulation results to demonstrate the effectiveness of our proposed metric.

AB - Packets in anonymous networks are fully protected. Therefore, traditional methods relying on packet header and higher layer information do not work to detect Distributed-Denial-of-Service (DDoS) attacks in anonymous networks. In this paper we propose to use observable statistics at routers that need no packet inspection to infer the presence of an attack. We propose packet resistance as a metric to detect the presence of attacks which reduce the availability of channel bandwidth for wireless routers in the core network. Our proposed detection framework is distributed, wherein each router in the network core monitors and reports its findings to an intermediate router. These intermediate routers form a hierarchical overlay to eventually reach a centralized attack monitoring center. The alarm messages are used to construct an attack path and determine the origin of the attack. We present simulation results to demonstrate the effectiveness of our proposed metric.

KW - Anonymous networks

KW - DDoS

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=84958534658&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84958534658&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-05149-9_11

DO - 10.1007/978-3-319-05149-9_11

M3 - Conference contribution

AN - SCOPUS:84958534658

SN - 9783319051482

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 174

EP - 188

BT - Information Security Applications - 14th International Workshop, WISA 2013, Revised Selected Papers

PB - Springer Verlag

Y2 - 19 August 2013 through 21 August 2013

ER -

Resistance is not futile: Detecting DDoS attacks without packet inspection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this