Imperial College London
Portrait Picture

ProfessorMorrisSloman

Faculty of EngineeringDepartment of Computing

Emeritus Professor of Distributed Systems Management
 
 
 
//

Contact

 

m.sloman Website

 
 
//

Location

 

Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@article{Thing:2009:10.1109/TNSM.2009.03.090303,
author = {Thing, V and Sloman, M and Dulay, N},
doi = {10.1109/TNSM.2009.03.090303},
journal = {IEEE Transactions on Network and Service Management},
pages = {163--174},
title = {Locating Network Domain Entry and Exit point/path for DDoS Attack Traffic},
url = {http://dx.doi.org/10.1109/TNSM.2009.03.090303},
volume = {6},
year = {2009}
}
Download

RIS format (EndNote, RefMan)

TY  - JOUR
AB  - A method to determine entry and exit points or paths of DDoS attack traffic flows into and out of network domains is proposed. We observe valid source addresses seen by routers from sampled traffic under non-attack conditions. Under attack conditions, we detect route anomalies by determining which routers have been used for unknown source addresses, to construct the attack paths. We consider deployment issues and show results from simulations to prove the feasibility of our scheme. We then implement our Traceback mechanism in C++ and more realistic experiments are conducted. The experiments show that accurate results, with high traceback speed of a few seconds, are achieved. Compared to existing techniques, our approach is non-intrusive, not requiring any changes to the Internet routers and data packets. Precise information regarding the attack is not required allowing a wide variety of DDoS attack detection techniques to be used. The victim is also relieved from the traceback task during an attack. The scheme is simple and efficient, allowing for a fast traceback, and scalable due to the distribution of processing workload.
AU  - Thing,V
AU  - Sloman,M
AU  - Dulay,N
DO  - 10.1109/TNSM.2009.03.090303
EP  - 174
PY  - 2009///
SN  - 1932-4537
SP  - 163
TI  - Locating Network Domain Entry and Exit point/path for DDoS Attack Traffic
T2  - IEEE Transactions on Network and Service Management
UR  - http://dx.doi.org/10.1109/TNSM.2009.03.090303
UR  - http://dl.dropbox.com/u/1002205/NITE-tnsm.pdf
UR  - http://hdl.handle.net/10044/1/5300
VL  - 6
ER  -
Download