Ataki DDoS - przegląd zagrożeń i środków zaradczych

• Autorzy: Gierszewski T. , Molisz W.

Warianty tytułu

EN

DDoS Attacs - A Survey of Threaths and Defense Mechanisms

• Języki publikacji: PL

Abstrakty

PL

Przedstawiono aktualny stan wiedzy związany z tematyką rozproszonych ataków odmowy świadczenia usług - DDoS. Tematyka jest o tyle aktualna, że współcześnie nie istnieje przyjęty, funkcjonujący sposób obrony przed atakami tego rodzaju. Jednocześnie obserwowana tendencja wzrastającej liczby ataków, a także coraz bardziej wyrafinowany ich charakter powoduje, że na rynku pojawiają się urządzenia i usługi, które mają zabezpieczać potencjalne czy potwierdzone ofiary. Podjęto próbę klasyfikacji ataków, mechanizmów obrony i wskazano motywacje atakujących.

EN

Paper presents actual state-of-the art in the field of Distributed Denial of Service Attacks - DDoS. Subject of the paper is actual, because no commonly accepted defense means exist. Since the growing trend of the volume of more and more sophisticated attacks is observed, devices and services protecting the potential victims appear on the market. Paper attempts to classify attacks, defense mechanisms and discuss motivations of attackers.

Słowa kluczowe

PL

atak DDoS; botnets; obrona przed atakami DDoS; metody kooperacyjne

EN

DDoS attacks; Botnets; defense against DDoS; collaborative methods

• Wydawca: Wydawnictwo SIGMA-NOT
• Czasopismo: Przegląd Telekomunikacyjny + Wiadomości Telekomunikacyjne
• Rocznik: 2014
• Tom: nr 8-9
• Strony: 720--728
• Opis fizyczny: Bibliogr. 53 poz., rys.

Twórcy

autor

Gierszewski T.

• Katedra Teleinformatyki, Wydział Elektroniki, Telekomunikacji i Informatyki Politechniki Gdańskiej

autor

Molisz W.

• Katedra Teleinformatyki, Wydział Elektroniki, Telekomunikacji i Informatyki Politechniki Gdańskiej

Bibliografia

• [1] Abliz M.:Internet Denial of Service Attacksand Defense Mechanisms, Univ. of Pittsburgh, Dept. of Computer Science, Technical Report. TR-11-178, 2011
• [2] Anderson T, Roscoe T, Wetherall D.: Preventing Internet denial-of-service with capabilities, SIGCOMM Comput. Commun. Rev., vol. 34(1), 2004
• [3] Argyraki K., Cheriton D. R.: Scalable network-layer defense against internet bandwidth-flooding attacks, IEEE/ACM Trans. Netw., vol. 17(4), 2009
• [4] Chan E. Y K. et al.: Intrusion Detection Routers: Design, Implementation and Evaluation Using an Experimental Testbed, IEEE J. Sel. Areas Commun., vol. 24(10) 2006
• [5] Chen R., Park J. M.: Attack Diagnosis: Throttling distributed denial-of-service attacks close to the attack sources, IEEE Conference on Computer Communications and Networks (ICCN), 2005
• [6] Chen R., Park J. M., Marchany R.: RIM: Router interface marking tor IP traceback, IEEE Global Telecommunications Conference (GLOBECOM), 2006
• [7] Chen R., Park J. M., Marchany R.: TRACK: A novel approach for defending against distributed denial-of-service attacks, Dept. of Electrical and Computer Engineering, Virginia Tech., Technical Report TR-ECE-06-02, 2006
• [8] Criscuolo R J.: Distributed Denial of Service: TrinOO, Tribe Flood Network, Tribe Flood Network 2000, and Stacheldraht CIAC-2319, CIAC-2319, California Univ. Livermore Radiation Lab, 2000
• [9] Digital Attack Map, online: http://www.digitalattackmap.com/
• [10] Douligeris C., Mitrokotsa A.: DDoS attacks and defense mechanisms: classification and state-of-the-art, Computer Networks, vol. 44, 2004
• [11] Ferguson R, Senie D.: Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing, RFC 2267, 1998, zastąpiony przez RFC 2827, 2000
• [12] Fortinet: DDoS Attack Mitigation Appliances - FortiDDoS [online] http://www.fortinet.com/products/fortiddos/
• [13] GevaM., HerzbergA., Gev Y: Bandwidth Distributed Denial of Service: Attacks and Defenses, IEEE Security & Privacy, vol. 12(1), 2013
• [14] Glave J.: Smurfing cripples ISPs, Wired Technology News [online] http://www. wired.com/news /news/technology/story/9506.html, 1998
• [15] Holmes D.: The DDoS Threat Spectrum, [online] http://www.f5.com/pdf/white-papers/ddos-threat-spectrum-wp.pdf, 2012
• [16] Imperva: Four Steps to Defeat a DDoS Attack [online] http://www.imperva.(XinVciocs/WP_Four_Steps_to_Defeat_a_DDoS_Attack.pdf
• [17] Jalili R., Flmani-Meh. R: Detection of Distributed Denial of Service Attacks Using Statistical Pre-Processor and Unsupervised Neural Network, ISPEC, Springer-Verlag Berlin Heidelberg, 2005 [18] Kambourakis G., Moschos T, Geneiatakis D., Gritzalis S.: Detecting DNS Amplification Attacks, Critical Information Infrastructures Security, LNCS,vol.5141,2008
• [19] KandulaS., Katabi D., Jacob M., and BergerBotz-4-saleA. W: Surviving organized DDoS attacks that mimic flash crowds, in Proc. Symposium on Networked Systems Design and Implementation (NSDI), Boston, May 2005
• [20] Kang M. S., Lee S. B., Gligor V. D.: The Crossfire Attack, IEEE Symposium on Security and Privacy, 2013
• [21] Kim Y, Lau W. C., Chuah M. C., Chao H. J.: Packet Score: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks, IEEE Trans. Dependable Secure Computing, vol. 3(2), 2006
• [22] Li M., Lju J., Long D.: Probability Principle of Reliable Approach to detect signs of DDOS Flood Attacks, PDCAT, Springer-Verlag Berlin Heidelberg, 2004
• [23] Liu H. I., Chang K. C.:Defending systems Against Tilt DDoS attacks,Telecommunication Systems, Services, and Applications (TSSA), 2011
• [24] Liu X., Yang A. Li, X., Wetherall D.: Passport: secure and adoptable source authentication, 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI'08), 2008
• [25] LjuX., Yang X., Lu Y: To filter or to authorize: network-layer DoS defense against multimillion-node botnets, ACM SIGCOMM Conference on Data Communication (SIGCOMM), 2008
• [26] Łącki B.: Ile kosztuje DDoS - z perspektywy cyberprzestępcy i ofiary ataku, PLNOG, [online] http://www.data.proidea.org.pl/plnog/12edycja/day1/track3/06_ile_kosztuje_ddos.pdf, 2014
• [27] Mahajan R., Bellovin M S., Floyd S., Ioannidis J., Paxson V, Shenker S.: Controlling high bandwidth aggregates in the network, Computer Communication Review, 2002
• [28] Mirkovic J., Reiher R: A Taxonomy of DDoS Attack and DDoS Defense Mechanisms, ACM SIGCOMM Computer Communication Review, vol.34(2), 2004
• [29] Mirkovic J., Prier G., Reiher R: Attacking DDoS at the source, 10th IEEE ICNR Washington DC, USA, 2002
• [30] Mirkovic J., Reiher R, Robinson M.: Forming Alliance for DDoS Defense, New Security Paradigms Workshop, Centra Stefano Francini, Swilzerland, 2003
• [31] Miu T T, Hui A. K., Lee W. L, Luo D. X., Chung A. K., Wong J. W: Universal DDoS Mitigation Bypass, Black Hat, 2013
• [32] Mizrak A. T, Savage S., Marzullo K.: Detecting compromise routers via packet forwarding behawior, IEEE Network, 2008
• [33] Molsa J.: Mitigating denial of service attacks: A tutorial, Journal of Computer Security, vol. 13(6), 2005
• [34] Oikonomou G., Mirkovic J.: Modeling human behavior for defense against flash-crowd attacks, IEEE International Conference on Communications (ICC'09), 2009
• [35] Papadopoulos C., Lindell R., Mehringer J., Hussain A., Govindan R.: Cossack: Coordinated Suppression of Simultaneous Attacks, DARPA Information Survivability Conference and Exposition, vol. 1, 2003
• [36] Peng T, Leckie C., Ramamohanarao K.: Protection from distributed denial of service attacks using history-based IP filtering, ICC, vol. 1, 2003
• [37] Prolexic Ouarterly Global DDoS Attack Reports, online: http://www.prolexic.com/knowledge-center-dos-and-ddos-attack-reports.html
• [38] RahulA., PrashanthS. K., KumarandB.S.,Arun G.:Detection of Intruders and Flooding In Voip Using IDS, Jacobson Fast And Hellinger Distance Algorithms, IOSR Journal of Computer Engineering (IOSRJCE), vol. 2(2), 2012
• [39] Ranjan S., Swaminathan R., Uysal M., Nucci A., Knightly E.: DDoS-shield: DDoS-resilient scheduling to counter application layer attacks, IEEE/ACM Trans. Netw., vol. 17(1), 2009
• [40] Rodriguez-Gómez R. A., Macia-Fernandez G., Garcia-Teodoro R: Survey and taxonomy of botnet research through life-cycle, ACM Computing Surveys (CSUR), 45(4), 2013
• [41] SANS Institute: NAPTHA: A new type of Denial of Service Attack, 2000
• [42] Silva S. S.C., Silva R. M.R, Pinto R. C.G., Salles R. M.: Botnets: A survey, Computer Networks, vol. 57(2), 2012
• [43] Stone-Gross B., Cova M., Gilbert B., Kemmerer R., Kruegel C., Vigna G.: Analysis of a botnet takeover, IEEE Security & Privacy, vol. 9(1), 2011
• [44] Studer A., Perrig A.: The Coremelt attack, Proceedings of ESORICS'09, Springer-Verlag, 2009 [45] Walfish M., Vutukuru M., Balakrishnan H., Karger D., and Shenker S.: DDoS defense by offense, SIGCOMM Computer Communications Review, vol. 36(4), 2006
• [46] Wang H., Jin C., Shin K. G.: Defense Against Spoofed IP Traffic Using Hop-Count Filtering, IEEE/ACM Trans. Netw., vol. 15(1), 2007
• [47] Xie Y, Yu S. Z.: A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors, IEEE/ACM Trans. Netw., vol. 17(1), 2009
• [48] Yaar A., Perrig A., Song D., Pi: A Path Identification Mechanism to Defend against DDoS Attacks, IEEE Symposium on Security and Privacy, 2003
• [49] Yaar A., Perrig A., Song D.: SIFF: a Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, IEEE Symposium on Security and Privacy, 2004
• [50] Yang X„ Wetherall D., Andersen T: TVA: a DoS-limiting network architecture, IEEE/ACM Trans. Netw., vol. 16(6), 2008
• [51] Yau D., Lui J. C. S., Liang E: Defending against distributed denial of service attacks using max-min fair server centric router throttles, IEEE International Conference on Ouality of Service, 2002 [52] Yu J., Li Z.,Chen H.,and Chen X.: Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks, the third International Conference on Networking and Services (ICNS'07), June 19-25, 2007
• [53] Zargar S. T, Joshi J., Tipper D.: A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks, IEEE Communications Surveys & Tutorials, vol.15(4), 2013