TY - GEN
T1 - Optimizing agent placement for flow reconstruction of DDoS attacks
AU - Demir, Ömer
AU - Khan, Bilal
AU - Ben Brahim, Ghassen
AU - Al-Fuqaha, Ala
PY - 2013
Y1 - 2013
AB - The Internet today continues to be vulnerable to distributed denial of service (DDoS) attacks. We consider the design of a scalable agent-based system for collecting information about the structure and dynamics of DDoS attacks. Our system requires placement of agents on inter-autonomous system (AS) links in the Internet. The agents implement a self-organizing and totally decentralized mechanism capable of reconstructing topological information about the spatial and temporal structure of attacks. The system is effective at recovering DDoS attack structure, even at moderate levels of deployment. In this paper, we demonstrate how careful placement of agents within the system can improve the system's effectiveness and provide better tradeoffs between system parameters and the quality of structural information the system generates. We introduced two agent placement algorithms for our agent-based DDoS system. The first attempts to maximize the percentage of attack flows detected, while the second tries to maximize the extent to which we are able to trace back detected flows to their sources. We show, somewhat surprisingly, these two objectives are concomitant. Placement of agents in a manner which optimizes in the first criterion tends also to optimize with respect to the second criterion, and vice versa. Both placement schemes show a marked improvement over a system in which agents are placed randomly, and thus provide a concrete design process by which to instrument a DDoS flow reconstruction system that is effective at recovering attack structure in large networks at moderate levels of deployment.
KW - DDoS
KW - Flow reconstruction
KW - Network traffic
UR - http://www.scopus.com/inward/record.url?scp=84883672140&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883672140&partnerID=8YFLogxK
U2 - 10.1109/IWCMC.2013.6583539
DO - 10.1109/IWCMC.2013.6583539
M3 - Conference contribution
AN - SCOPUS:84883672140
SN - 9781467324793
T3 - 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013
SP - 83
EP - 89
BT - 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013
T2 - 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013
Y2 - 1 July 2013 through 5 July 2013
ER -