Archive for March, 2004
Forthcoming Contributions
DOI: 10.1023/B:JONS.0000015934.20223.15
Print publication date: 3/1/2004
Report: Security Management Convergence via SIM (Security Information Management)—A Requirements Perspective
by Kelley, Diana
DOI: 10.1023/B:JONS.0000015702.05980.d2
Print publication date: 3/1/2004
Tracing DDoS Floods: An Automated Approach
by Tupakula, Udaya Kiran; Varadharajan, Vijay
We propose a Controller-Agent model that would greatly minimize distributed denial-of-service (DDoS) attacks on the Internet. We introduce a new packet marking technique and agent design that enables us to identify the approximate source of attack (nearest router) with a single packet even in the case of attacks with spoofed source addresses. Our model is invoked only during attack times and is able to process the victim's traffic separately without disturbing other traffic; it is also able to establish different attack signatures for different attacking sources and can prevent the attack traffic at the nearest router to the attacking system. It is simple in its implementation, it has fast response for any changes in attack traffic pattern, and can be incrementally deployed. Hence we believe that the model proposed in this paper seems to be a promising approach to prevent distributed denial-of-service attacks.
DOI: 10.1023/B:JONS.0000015701.83726.ca
Print publication date: 3/1/2004
Optimizing the Scalability of Network Intrusion Detection Systems Using Mobile Agents
by Marks, Donald G.; Mell, Peter; Stinson, Michael
Modern Intrusion Detection Systems (IDSs) are distributed real-time systems that detect unauthorized use or attacks upon an organization’s network and/or hosts. The components of most distributed IDSs are arranged in a hierarchical tree structure, where the sensor nodes pass information to the analyzer nodes. Optimal placement of the analyzer nodes results in an improved response time for the IDS, and isolation of attacks within the IDS network. Since the network topology and workload are constantly changing, we are able to maintain near-optimal placement of the analyzer nodes by instantiating them as mobile agents. The analyzer nodes may then relocate, reproduce or be deleted as necessary. Such flexibility improves the response times and the stability of an IDS. The movement of the analyzer nodes also offers some protection against denial-of-service attacks, since secure analyzer nodes will be relocated to take over some of the functionality of the host under attack.
DOI: 10.1023/B:JONS.0000015700.02134.1c
Print publication date: 3/1/2004
Distributed Management Architecture for Cooperative Detection and Reaction to DDoS Attacks
by Koutepas, G.; Stamatelopoulos, F.; Maglaris, B.
We propose a cooperative intrusion detection framework focused on countering Distributed Denial-of-Service (DDoS) attacks through the introduction of a distributed overlay early-warning network. Our goal is to minimize the detection and reaction time and automate responses, while involving as many networks as possible along the attack path. The proposed approach relies on building a “community” of trusted partners that will cooperate by exchanging security information so that inclusion in the attack path is detected locally and without traceback procedures. The main building block is the Cooperative anti-DDoS Entity, a modular software system deployed in each participating network domain that supports secure message exchanges and local responses tailored to individual sites’ policies. We discuss the operation and the implementation of a prototype, and we provide a survey of the methodologies against DDoS and compare our approach to related work.
DOI: 10.1023/B:JONS.0000015699.50210.e3
Print publication date: 3/1/2004
Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction
by Jiang, Jun; Papavassiliou, Symeon
The information technology advances that provide new capabilities to the network users and providers also provide powerful new tools for network intruders that intend to launch attacks on critical information resources. In this paper we present a novel network attack diagnostic methodology, based on the characterization of the dynamic statistical properties of normal network traffic. Network anomalies and attacks are detected as unacceptable when significant deviations from the expected behavior occur. Specifically, to provide an accurate identification of the normal network traffic behavior, we first develop an anomaly-tolerant nonstationary traffic prediction technique that is capable of removing both single pulse and continuous anomalies. Furthermore, we introduce and design dynamic thresholds, where we define adaptive anomaly violation conditions as a combined function of both magnitude and duration of the traffic deviations. Finally, numerical results are presented that demonstrate the operational effectiveness and efficiency of the proposed approach under the presence of different attacks, such as mail-bombing attacks and UDP flooding attacks.
DOI: 10.1023/B:JONS.0000015698.32353.61
Print publication date: 3/1/2004
Combinatorial Optimization of Group Key Management
by Eltoweissy, Mohamed; Heydari, M. Hossain; Morales, Linda; Sudborough, I. Hal
Given the growing number of group applications in many existing and evolving domains, recent attention has been focused on secure multicasting over the Internet. When such systems are required to manage large groups that undergo frequent fluctuations in group membership, the need for efficient encryption key management becomes critical. This paper presents a new key management framework based on a combinatorial formulation of the group multicast key management problem that is applicable to the general problem of managing keys for any type of trusted group communication, regardless of the underlying transmission method between group participants. Specifically, we describe Exclusion Basis Systems and show exactly when they exist. In addition, the framework separates key management from encrypted message transmission, resulting in a more efficient implementation of key management.
DOI: 10.1023/B:JONS.0000015697.38671.ec
Print publication date: 3/1/2004
Secure Network Management Within an Open-Source Mobile Agent Framework
by Pashalidis, Andreas; Fleury, Martin
Mobile agents (MAs) have been proposed for decentralized network management. This paper explains how Aglets, a Java open-source MA framework rather than a proprietary system, can be used for security-enhanced network management, complementing the security of the Simple Network Management Protocol (SNMP) version 3. The solution prototyped is a hybrid environment where network management applications use MAs that interact locally with SNMP agents via the SNMP protocol. The implemented class libraries extend the security infrastructure of Aglets by incorporating cryptographic functions through the Java Cryptography Extension. The extension enables data fields to be encrypted, while code is digitally signed. Legacy SNMPv1- and v2-enabled devices, with elementary security, can also be upgraded through this approach, which can effectively avoid a range of attacks. Consideration has been given to auxiliary functionality such as responding to SNMP traps, key distribution, logging, and secure clock synchronization.
DOI: 10.1023/B:JONS.0000015696.23905.66
Print publication date: 3/1/2004
Guest Editorial: Secur(e/ity) Management: Two Sides of the Same Coin
by Hale, John; Brusil, Paul J.
DOI: 10.1023/B:JONS.0000015933.75374.77
Print publication date: 3/1/2004