dc.contributor.advisor: Kim, Min Sik
dc.creator: Liu, Haiqin
dc.date.accessioned: 2013-09-20T18:39:54Z
dc.date.available: 2013-09-20T18:39:54Z
dc.date.issued: 2013
dc.identifier.uri: http://hdl.handle.net/2376/4726
dc.description: Thesis (Ph.D.), School of Electrical Engineering and Computer Science, Washington State University [en_US]
dc.description.abstract: Distributed Denial of Service (DDoS) attacks pose one of the most serious security threats to the Internet. In this work, we aimed to develop a collaborative defense framework against DDoS attacks in networks. We focus on two main phases, which are anomaly detection and filtering of malicious traffic, to achieve a successful defense against DDoS attacks. Our first accomplishment is to effectively detect DDoS traffic at local nodes. Our conducted experiments can be divided into three categories which are described as follows. Firstly, in order to detect the stealthy DDoS attack at an early stage, we proposed an effective detection scheme based on a time-series decomposition method. Moreover, in order to more effectively defend against the attacks, our credit-based defense method is designed for pinpointing the malicious flows. In addition, in order to adapt to the high-speed environment, we present a two-level approach for scalable and accurate attack detection by exploiting the asymmetry in the attack traffic. At both detection levels, sketch structures are utilized to ensure the scalability of our scheme. Secondly, current defense systems do not scale well to high-speed networks and few of them are able to defend against attacks originating from both spoofed and genuine source addresses effectively. Aimed at this problem, we propose a two-stage defense scheme to mitigate attacks. The main advantage of our defense approach is its space efficiency since it does not need to keep per-flow state. Moreover, both spoofed and genuine IP DDoS attacks can be well regulated. We finally extend the single-host sketch-based scheme to a distributed detection scheme and finally develop a collaborative defense scheme. In the distributed detection scheme, we deploy detectors in a certain number of edge routers at the edge side. The local analyzer periodically reports the local processed result to the global analyzer in order to infer the anomaly.
The collaborative defense scheme is further developed to filter the malicious traffic. By combining both the host-based solutions with the network-wide solutions, we develop a comprehensive solution that can detect and defend against attacks more effectively. Experimental results using real Internet traffic demonstrate its effectiveness. [en_US]
dc.description.sponsorship: School of Electrical Engineering and Computer Science, Washington State University [en_US]
dc.language: English
dc.rights: In copyright
dc.rights: Publicly accessible
dc.rights: openAccess
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/
dc.rights.uri: http://www.ndltd.org/standards/metadata
dc.rights.uri: http://purl.org/eprint/accessRights/OpenAccess
dc.subject: Computer science
dc.subject: Anomaly detection
dc.subject: Collaborative defense
dc.subject: DDoS defense
dc.subject: Intrusion detection
dc.subject: Network security
dc.subject: Sketch detection
dc.title: A Collaborative Defense Framework Against DDoS Attacks in Networks
dc.type: Electronic Thesis or Dissertation