A collaborative approach to facilitate intrusion detection and response against DDoS attacks.

Zargar, Saman Taghavi; Joshi, James

doi:10.4108/icst.collaboratecom.2010.46

Cited by 14 publications

(8 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These overheads get even worse if each router does redundant detection and response through the path to the destination [86], which can present a significant burden. Various researchers have proposed different approaches to reduce the amount of storage and consumption of CPU cycles for detection and response at the routers such as Bloom filters [78] [87], Packet sampling [88], etc.…”

Section: Destination-based Mechanismsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks

Zargar

Joshi

Tipper

2013

IEEE Commun. Surv. Tutorials

Self Cite

1,076

572

View full text Add to dashboard Cite

Abstract-Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks.In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.

show abstract

Section: Destination-based Mechanismsmentioning

confidence: 99%

“…But these approaches are not sufficient when routers still do redundant jobs. Moreover, reducing the amount of redundant detection and response between the routers requires coordination among them [86]. Different communication protocols have been proposed to coordinate attack detection and response among the routers [1].…”

Section: Destination-based Mechanismsmentioning

confidence: 99%

A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks

Zargar

Joshi

Tipper

2013

IEEE Commun. Surv. Tutorials

Self Cite

1,076

572

View full text Add to dashboard Cite

show abstract

“…Collaboration also increases attack detection and the speed and strength of prevention efforts. Distributed detection and prevention of the attacks within/among cloud providers can reduce the complexity of redundant monitoring of attack flows [6] at different check points which should be one of the main features in the next generation of IDPSs suitable for cloud environments. Creating comprehensive local/global databases to be used for detection tasks by IDPSs is another major requirement in order for IDPSs to act as a comprehensive defense mechanism.…”

Section: Motivationmentioning

confidence: 99%

“…Based on where detection and response occurs in the system, IDPSs can be categorized into three different types: host-based IDPSs (HIDPSs), network-based IDPS (NIDPSs), and Hybrid IDPSs (also known as Distributed IDPSs [2]) which includes both host-based and network-based sensors [6], [8]. HIDPSs are not capable of detecting attacks before the end-system is compromised.…”

Section: Intrusion Detection and Prevention Systemsmentioning

confidence: 99%

“…Hybrid IDPSs extend intrusion detection and packet filtering to the network routers by employing NIDPSs. Distributed and collaborative NIDPSs [6], [7] may be employed on the network infrastructure layer to detect and respond to the attacks effectively and in real-time. Each router within a collaborative cluster of routers and hosts interacts with each of the three local databases to detect and respond to the attacks.…”

Section: Distributed Collaborative and Data-driven Idp Frameworkmentioning

confidence: 99%

See 1 more Smart Citation

DCDIDP: A Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention Framework for Cloud Computing Environments

Zargar

Takabi

Joshi

2011

Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing

View full text Add to dashboard Cite

Abstract-With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Datadriven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers.

show abstract

Collaborative Intrusion Detection in the Era of IoT: Recent Advances and Challenges

Li¹,

Meng²

2021

Security and Privacy in the Internet of Things

View full text Add to dashboard Cite

A collaborative approach to facilitate intrusion detection and response against DDoS attacks.

Cited by 14 publications

References 5 publications

A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks

A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks

DCDIDP: A Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention Framework for Cloud Computing Environments

Collaborative Intrusion Detection in the Era of IoT: Recent Advances and Challenges

Contact Info

Product

Resources

About