Paper Abstract and Keywords |
Presentation |
2005-09-16 10:45
Identification of attack sources by estimating traffic matrix Yuichi Ohsita (Osak Univ), Shingo Ata (Osaka City Univ), Masayuki Murata (Osak Univ) |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Distributed denial-of-service attacks on public servers have recently become more serious. The most effective way to prevent the attack traffic is to identify attacking nodes and detach (or block) attack nodes at egress routers of them. Existing traceback mechanism, however, are not widely used today because of e.g., replacements of many routers to support traceback capability, or difficulties to distinguish attack and legitimate traffic. In this paper, we propose a new scheme to enable a traceback from a victim to attack nodes. More specifically, we identify egress routers to which attack nodes are connecting by estimating traffic matrix between arbitral source-destination edge pairs. By monitoring traffic variations obtained by the traffic matrix, we identify the edge routers forwarding attack traffic which have a sharp traffic increase to the victim. We also evaluate the effectiveness of our proposed scheme through simulation, and show that our method can identify attack sources accurately. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Distributed Denial of Service (DDoS) / Traceback / Traffic matrix / Simple Network Management Protocol (SNMP) / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 105, no. 279, IN2005-74, pp. 79-84, Sept. 2005. |
Paper # |
IN2005-74 |
Date of Issue |
2005-09-08 (NS, IN, CS) |
ISSN |
Print edition: ISSN 0913-5685 |
Download PDF |
|
Conference Information |
Committee |
CS IN NS |
Conference Date |
2005-09-15 - 2005-09-16 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Tohoku Univ. |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Active Network, IP-VPN, Network Security, High Speed Network, P2P Communication, Network Software, and Others |
Paper Information |
Registration To |
IN |
Conference Code |
2005-09-CS-IN-NS |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Identification of attack sources by estimating traffic matrix |
Sub Title (in English) |
|
Keyword(1) |
Distributed Denial of Service (DDoS) |
Keyword(2) |
Traceback |
Keyword(3) |
Traffic matrix |
Keyword(4) |
Simple Network Management Protocol (SNMP) |
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Yuichi Ohsita |
1st Author's Affiliation |
Osaka University (Osak Univ) |
2nd Author's Name |
Shingo Ata |
2nd Author's Affiliation |
Osaka City University (Osaka City Univ) |
3rd Author's Name |
Masayuki Murata |
3rd Author's Affiliation |
Osaka University (Osak Univ) |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2005-09-16 10:45:00 |
Presentation Time |
90 minutes |
Registration for |
IN |
Paper # |
NS2005-86, IN2005-74, CS2005-32 |
Volume (vol) |
vol.105 |
Number (no) |
no.278(NS), no.279(IN), no.280(CS) |
Page |
pp.43-48(NS), pp.79-84(IN), pp.91-96(CS) |
#Pages |
6 |
Date of Issue |
2005-09-08 (NS, IN, CS) |
|