Abstract
Distributed denial of service (DDoS) attacks have become a major threat to organizations and especially to internet and intranet. In DDoS attacks targets are overwhelmed by sending an enormous amount of traffic from a number of attack sites. The major task of any defense system is to detect these attacks accurately and quickly, before it causes an unrecoverable loss. Most of the research in this regard has been focused on the detection techniques without exploiting spatial placement of detection system in a network. The ideal way to completely eliminate the DDoS threat is to run detection mechanism on every node in the network, which is not a practical solution. In this paper, we focus on the optimized placement of detection nodes in a network for distributed detection of DDoS attacks which not only minimize the number of these node required but also reduce the cost, processing overheads and larger delays in identifying an attack. We examine the placement problem of finding a minimum cardinality set of nodes to detect DDoS attacks such that no attack traffic can reach the target without being monitored by these sensors. The placement problem is first formulated as set packing and then as set covering. The solution to both of these formulations is NP hard; therefore, two efficient heuristic algorithms are presented and compared for minimizing the number of detection nodes and finding the optimal placement in a network, thus preventing the impact of distributed attacks. Both algorithms give a near optimal number of detection nodes.

M.H. Islam, K. Nadeem, S. A Khan. (2009) Optimal Sensor Placement for Detection against Distributed Denial of Service Attacks, Pakistan Journal of Engineering and Applied Sciences, Volume 4, Issue 1.
  • Views 1999
  • Downloads 154

Article Details

Volume
Issue
Type
Language