Presentation 2005-09-16
Identification of Attack Nodes from Traffic Matrix Estimation
Yuichi OHSITA, Shingo ATA, Masayuki MURATA,
PDF Download Page PDF download Page Link
Abstract(in Japanese) (See Japanese page)
Abstract(in English) Distributed denial-of-service attacks on public servers have recently become more serious. The most effective way to prevent the attack traffic is to identify attacking nodes and detach (or block) attack nodes at egress routers of them. Existing traceback mechanism, however, are not widely used today because of e.g., replacements of many routers to support traceback capability, or difficulties to distinguish attack and legitimate traffic. In this paper, we propose a new scheme to enable a traceback from a victim to attack nodes. More specifically, we identify egress routers to which attack nodes are connecting by estimating traffic matrix between arbitral source-destination edge pairs. By monitoring traffic variations obtained by the traffic matrix, we identify the edge routers forwarding attack traffic which have a sharp traffic increase to the victim. We also evaluate the effectiveness of our proposed scheme through simulation, and show that our method can identify attack sources accurately.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Distributed Denial of Service (DDoS) / Traceback / Traffic matrix / Simple Network Management Protocol (SNMP)
Paper # NS2005-86,IN2005-74,CS2005-32
Date of Issue

Conference Information
Committee NS
Conference Date 2005/9/8(1days)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Network Systems(NS)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Identification of Attack Nodes from Traffic Matrix Estimation
Sub Title (in English)
Keyword(1) Distributed Denial of Service (DDoS)
Keyword(2) Traceback
Keyword(3) Traffic matrix
Keyword(4) Simple Network Management Protocol (SNMP)
1st Author's Name Yuichi OHSITA
1st Author's Affiliation Graduate School of Information Science and Technology, Osaka University()
2nd Author's Name Shingo ATA
2nd Author's Affiliation Graduate School of Engeneering, Osaka City University
3rd Author's Name Masayuki MURATA
3rd Author's Affiliation Graduate School of Information Science and Technology, Osaka University
Date 2005-09-16
Paper # NS2005-86,IN2005-74,CS2005-32
Volume (vol) vol.105
Number (no) 278
Page pp.pp.-
#Pages 6
Date of Issue