An inter-domain collaboration scheme to remedy DDoS attacks in computer networks

Simpson, S., Shirazi, S. N., Marnerides, A., Jouet, S. and Pezaros, D. (2018) An inter-domain collaboration scheme to remedy DDoS attacks in computer networks. IEEE Transactions on Network and Service Management, 15(3), pp. 879-893. (doi: 10.1109/TNSM.2018.2828938)

160935.pdf - Published Version
Available under License Creative Commons Attribution.

Abstract

Distributed Denial-of-Service (DDoS) attacks continue to trouble network operators and service providers, and with increasing intensity. Effective response to DDoS can be slow (because of manual diagnosis and interaction) and potentially self-defeating (as indiscriminate filtering accomplishes a likely goal of the attacker), and this is the result of the discrepancy between the service provider’s flow-based, application-level view of traffic and the network operator’s packet-based, network-level view and limited functionality. Furthermore, a network required to take action may be in an Autonomous System (AS) several AS hops away from the service, so it has no direct relationship with the service on whose behalf it acts. This paper presents Antidose, a means of interaction between a vulnerable peripheral service and an indirectly related AS that allows the AS to confidently deploy local filtering with discrimination under the control of the remote service. We implement the core filtering mechanism of Antidose, and provide an analysis of it to demonstrate that conscious attacks against the mechanism will not expose the AS to additional attacks. We present a performance evaluation to show that the mechanism is operationally feasible in the emerging trend of operators’ willingness to increase the programmability of their hardware with SDN technologies such as OpenFlow, as well as to act to mitigate attacks on downstream customers.

Item Type: Articles
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Pezaros, Professor Dimitrios and Jouet, Mr Simon
Authors: Simpson, S., Shirazi, S. N., Marnerides, A., Jouet, S., and Pezaros, D.
College/School: College of Science and Engineering > School of Computing Science
Journal Name: IEEE Transactions on Network and Service Management
Publisher: IEEE
ISSN: 1932-4537
ISSN (Online): 1932-4537
Published Online: 20 April 2018
Copyright Holders: Copyright © 2018 The Authors
First Published: First published in IEEE Transactions on Network and Service Management 15(3):879-893
Publisher Policy: Reproduced under a Creative Commons License

Project Code: 709131
Award No:
Project Name: Network Measurement as a Service (MaaS)
Principal Investigator: Dimitrios Pezaros
Funder's Name: Engineering and Physical Sciences Research Council (EPSRC)
Funder Ref: EP/N033957/1
Lead Dept: COM - COMPUTING SCIENCE

Project Code: 643481
Award No:
Project Name: A Situation-aware information infrastructure
Principal Investigator: Dimitrios Pezaros
Funder's Name: Engineering and Physical Sciences Research Council (EPSRC)
Funder Ref: EP/L026015/1
Lead Dept: COM - COMPUTING SCIENCE