| Presentation | 2005-09-16 Identification of Attack Nodes from Traffic Matrix Estimation Yuichi OHSITA, Shingo ATA, Masayuki MURATA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Distributed denial-of-service attacks on public servers have recently become more serious. The most effective way to prevent the attack traffic is to identify attacking nodes and detach (or block) attack nodes at egress routers of them. Existing traceback mechanism, however, are not widely used today because of e.g., replacements of many routers to support traceback capability, or difficulties to distinguish attack and legitimate traffic. In this paper, we propose a new scheme to enable a traceback from a victim to attack nodes. More specifically, we identify egress routers to which attack nodes are connecting by estimating traffic matrix between arbitral source-destination edge pairs. By monitoring traffic variations obtained by the traffic matrix, we identify the edge routers forwarding attack traffic which have a sharp traffic increase to the victim. We also evaluate the effectiveness of our proposed scheme through simulation, and show that our method can identify attack sources accurately. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Distributed Denial of Service (DDoS) / Traceback / Traffic matrix / Simple Network Management Protocol (SNMP) |
| Paper # | NS2005-86,IN2005-74,CS2005-32 |
| Date of Issue |
| Conference Information | |
| Committee | NS |
|---|---|
| Conference Date | 2005/9/8(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Network Systems(NS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Identification of Attack Nodes from Traffic Matrix Estimation |
| Sub Title (in English) | |
| Keyword(1) | Distributed Denial of Service (DDoS) |
| Keyword(2) | Traceback |
| Keyword(3) | Traffic matrix |
| Keyword(4) | Simple Network Management Protocol (SNMP) |
| 1st Author's Name | Yuichi OHSITA |
| 1st Author's Affiliation | Graduate School of Information Science and Technology, Osaka University() |
| 2nd Author's Name | Shingo ATA |
| 2nd Author's Affiliation | Graduate School of Engeneering, Osaka City University |
| 3rd Author's Name | Masayuki MURATA |
| 3rd Author's Affiliation | Graduate School of Information Science and Technology, Osaka University |
| Date | 2005-09-16 |
| Paper # | NS2005-86,IN2005-74,CS2005-32 |
| Volume (vol) | vol.105 |
| Number (no) | 278 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |