Optimizing agent placement for flow reconstruction of DDoS attacks

Ömer Demir, Bilal Khan, Ghassen Ben Brahim, Ala Al-Fuqaha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

The Internet today continues to be vulnerable to distributed denial of service (DDoS) attacks. We consider the design of a scalable agent-based system for collecting information about the structure and dynamics of DDoS attacks. Our system requires placement of agents on inter-autonomous system (AS) links in the Internet. The agents implement a self-organizing and totally decentralized mechanism capable of reconstructing topological information about the spatial and temporal structure of attacks. The system is effective at recovering DDoS attack structure, even at moderate levels of deployment. In this paper, we demonstrate how careful placement of agents within the system can improve the system's effectiveness and provide better tradeoffs between system parameters and the quality of structural information the system generates. We introduce two agent placement algorithms for our agent-based DDoS system. The first attempts to maximize the percentage of attack flows detected, while the second tries to maximize the extent to which we are able to trace back detected flows to their sources. We show, somewhat surprisingly, that these two objectives are concomitant. Placement of agents in a manner that optimizes with respect to the first criterion tends also to optimize with respect to the second criterion, and vice versa. Both placement schemes show a marked improvement over a system in which agents are placed randomly, and thus provide a concrete design process by which to instrument a DDoS flow reconstruction system that is effective at recovering attack structure in large networks at moderate levels of deployment.

Original language: English (US)
Title of host publication: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013
Pages: 83-89
Number of pages: 7
State: Published - 2013
Externally published: Yes
Event: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013 - Cagliari, Sardinia, Italy
Duration: Jul 1 2013 - Jul 5 2013

Publication series

Name: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013

Other

Other: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013
Country/Territory: Italy
City: Cagliari, Sardinia
Period: 7/1/13 - 7/5/13

Keywords

  • DDoS
  • Flow reconstruction
  • Network traffic

ASJC Scopus subject areas

  • Computer Networks and Communications
