Danger theory based SYN flood attack detection in autonomic network
Source
International Conference on Security of Information and Networks
Proceedings of the 2nd International Conference on Security of Information and Networks
Famagusta, North Cyprus
SESSION: SA.3 AI: attacks and intrusion detection
Pages 213-218  
Year of Publication: 2009
ISBN:978-1-60558-412-6
Authors
Sanjay Rawat  Infosys Technologies Ltd., Hyderabad, India
Ashutosh Saxena  Infosys Technologies Ltd., Hyderabad, India
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1626195.1626248

ABSTRACT

In the context of an autonomic environment, we present a simple yet effective Danger Theory based method to detect TCP SYN flooding attacks. An autonomous communication network consists of self-managed (i.e. self-configuring, self-aware, self-optimizing, self-healing and self-protecting, collectively denoted as self-*) entities. These self-* properties ensure that the network functions with little or no human intervention. In such an environment, securing the system is very challenging, as there is no dedicated authority to monitor malicious activities and each entity, i.e. each computing device, has to monitor itself. Denial of service (DoS) attacks, in particular flooding attacks, are among the most frequent and devastating attacks on networks. Traditionally, flooding attacks are detected by a network-based intrusion detection system (IDS), which relies mainly on the statistical characteristics of network data, with fine tuning by a human administrator who monitors the traffic continuously. Obviously, such a facility is not assumed in autonomic networks. We therefore propose a danger theory based approach that can detect DoS attacks automatically. The proposed scheme is able to detect a SYN flood attack in its early stage, thereby making it possible to control the damage. To empirically validate our proposal, we conduct experiments in a simulated environment, and the results are encouraging. We assert that the work will be useful in designing the security of autonomic networks.

