Optimizing agent placement for flow reconstruction of DDoS attacks

Ömer Demir, Bilal Khan, Ghassen Ben Brahim, Ala Al-Fuqaha

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The Internet today continues to be vulnerable to distributed denial of service (DDoS) attacks. We consider the design of a scalable agent-based system for collecting information about the structure and dynamics of DDoS attacks. Our system requires placement of agents on inter-autonomous system (AS) links in the Internet. The agents implement a self-organizing and totally decentralized mechanism capable of reconstructing topological information about the spatial and temporal structure of attacks. The system is effective at recovering DDoS attack structure, even at moderate levels of deployment. In this paper, we demonstrate how careful placement of agents within the system can improve the system's effectiveness and provide better tradeoffs between system parameters and the quality of structural information the system generates. We introduced two agent placement algorithms for our agent-based DDoS system. The first attempts to maximize the percentage of attack flows detected, while the second tries to maximize the extent to which we are able to trace back detected flows to their sources. We show, somewhat surprisingly, these two objectives are concomitant. Placement of agents in a manner which optimizes in the first criterion tends also to optimize with respect to the second criterion, and vice versa. Both placement schemes show a marked improvement over a system in which agents are placed randomly, and thus provide a concrete design process by which to instrument a DDoS flow reconstruction system that is effective at recovering attack structure in large networks at moderate levels of deployment.

Original language: English (US)
Title of host publication: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013
Pages: 83-89
Number of pages: 7
DOI: https://doi.org/10.1109/IWCMC.2013.6583539
State: Published - Sep 16 2013
Event: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013 - Cagliari, Sardinia, Italy
Duration: Jul 1 2013 to Jul 5 2013

Publication series

Name: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013

Other

Other: 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013
Country: Italy
City: Cagliari, Sardinia
Period: 7/1/13 to 7/5/13

Keywords

  • DDoS
  • Flow reconstruction
  • Network traffic

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Demir, Ö., Khan, B., Ben Brahim, G., & Al-Fuqaha, A. (2013). Optimizing agent placement for flow reconstruction of DDoS attacks. In 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013 (pp. 83-89). [6583539] (2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013). https://doi.org/10.1109/IWCMC.2013.6583539

@inproceedings{340112bf504a4f3fbeb45a50044fcfc8,
title = "Optimizing agent placement for flow reconstruction of DDoS attacks",
abstract = "The Internet today continues to be vulnerable to distributed denial of service (DDoS) attacks. We consider the design of a scalable agent-based system for collecting information about the structure and dynamics of DDoS attacks. Our system requires placement of agents on inter-autonomous system (AS) links in the Internet. The agents implement a self-organizing and totally decentralized mechanism capable of reconstructing topological information about the spatial and temporal structure of attacks. The system is effective at recovering DDoS attack structure, even at moderate levels of deployment. In this paper, we demonstrate how careful placement of agents within the system can improve the system's effectiveness and provide better tradeoffs between system parameters and the quality of structural information the system generates. We introduced two agent placement algorithms for our agent-based DDoS system. The first attempts to maximize the percentage of attack flows detected, while the second tries to maximize the extent to which we are able to trace back detected flows to their sources. We show, somewhat surprisingly, these two objectives are concomitant. Placement of agents in a manner which optimizes in the first criterion tends also to optimize with respect to the second criterion, and vice versa. Both placement schemes show a marked improvement over a system in which agents are placed randomly, and thus provide a concrete design process by which to instrument a DDoS flow reconstruction system that is effective at recovering attack structure in large networks at moderate levels of deployment.",
keywords = "DDoS, Flow reconstruction, Network traffic",
author = "{\"O}mer Demir and Bilal Khan and {Ben Brahim}, Ghassen and Ala Al-Fuqaha",
year = "2013",
month = "9",
day = "16",
doi = "10.1109/IWCMC.2013.6583539",
language = "English (US)",
isbn = "9781467324793",
series = "2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013",
pages = "83--89",
booktitle = "2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013",

}

TY - GEN

T1 - Optimizing agent placement for flow reconstruction of DDoS attacks

AU - Demir, Ömer

AU - Khan, Bilal

AU - Ben Brahim, Ghassen

AU - Al-Fuqaha, Ala

PY - 2013/9/16

Y1 - 2013/9/16

AB - The Internet today continues to be vulnerable to distributed denial of service (DDoS) attacks. We consider the design of a scalable agent-based system for collecting information about the structure and dynamics of DDoS attacks. Our system requires placement of agents on inter-autonomous system (AS) links in the Internet. The agents implement a self-organizing and totally decentralized mechanism capable of reconstructing topological information about the spatial and temporal structure of attacks. The system is effective at recovering DDoS attack structure, even at moderate levels of deployment. In this paper, we demonstrate how careful placement of agents within the system can improve the system's effectiveness and provide better tradeoffs between system parameters and the quality of structural information the system generates. We introduced two agent placement algorithms for our agent-based DDoS system. The first attempts to maximize the percentage of attack flows detected, while the second tries to maximize the extent to which we are able to trace back detected flows to their sources. We show, somewhat surprisingly, these two objectives are concomitant. Placement of agents in a manner which optimizes in the first criterion tends also to optimize with respect to the second criterion, and vice versa. Both placement schemes show a marked improvement over a system in which agents are placed randomly, and thus provide a concrete design process by which to instrument a DDoS flow reconstruction system that is effective at recovering attack structure in large networks at moderate levels of deployment.

KW - DDoS

KW - Flow reconstruction

KW - Network traffic

UR - http://www.scopus.com/inward/record.url?scp=84883672140&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883672140&partnerID=8YFLogxK

U2 - 10.1109/IWCMC.2013.6583539

DO - 10.1109/IWCMC.2013.6583539

M3 - Conference contribution

AN - SCOPUS:84883672140

SN - 9781467324793

T3 - 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013

SP - 83

EP - 89

BT - 2013 9th International Wireless Communications and Mobile Computing Conference, IWCMC 2013

ER -