The Center for Education and Research in Information Assurance and Security (CERIAS)

Detecting Service Violations and DoS Attacks

Author

Ahsan Habib, Mohamed Hefeeda, Bharat Bhargava

Tech report number

CERIAS TR 2002-15

Entry type

techreport

Abstract

A Denial of Service (DoS) attack is a serious threat to the Internet. A DoS attack can consume memory, CPU, and network resources and damage or shut down the operation of the resource under attack (the victim). A common DoS attack floods a network with bogus traffic so that legitimate users may not be able to communicate. There are several proposals to traceback the network attack path to identify the source that causes the DoS attack. This is an effective solution to trace the attacker, but it is not preventive in nature. Ingress filtering and route-based filtering are two proactive approaches to stop DoS attacks. These solutions check the source addresses of incoming packets to ensure they are coming from legitimate sources or traversing proper routes. We study several existing schemes that deal with DoS attacks. We describe several network monitoring approaches to detect service violations and DoS attacks. In addition, we propose a new distributed scheme to reduce monitoring overhead. Finally, a quantitative comparison among all schemes is conducted, in which we highlight the merits of each scheme and estimate the overhead (both computation and communication) introduced by it. The comparison provides guidelines for selecting the appropriate scheme, or a combination of schemes, based on the requirements and how much overhead can be tolerated.

School

Purdue University, West Lafayette, IN 47906

Affiliation

CERIAS and Department of Computer Sciences

Publication Date

1900-01-01

Keywords

DoS attacks, IP Traceback, Filtering, Network Monitoring
