## An adaptive approach for defending against DDoS attacks.
*(English)*
Zbl 1189.68020

Summary: Among various network attacks, the Distributed Denial-of-Service (DDoS) attack is a severe threat. In order to deal with this kind of attack in time, it is necessary to establish a special type of defense system that changes strategy dynamically against attacks. In this paper, we introduce an adaptive approach for defending against DDoS attacks, based on normal traffic analysis. The approach can check for DDoS attacks and adaptively adjust its configuration according to the network condition and attack severity. In order to ensure that common users can visit the victim server that is being attacked, we provide a nonlinear traffic control formula for the system. Our simulation test indicates that the nonlinear control approach can block malicious attack packets effectively while letting legitimate traffic flows arrive at the victim.

### MSC:

- 68M10: Network design and communication in computer systems
- 90B18: Communication networks in operations research


*M. Li* and *M. Li*, Math. Probl. Eng. 2010, Article ID 570940, 15 p. (2010; Zbl 1189.68020)
