Abstract
Distributed denial of service (DDoS) attacks have become a major threat to
organizations and especially to internet and intranet. In DDoS attacks targets are
overwhelmed by sending an enormous amount of traffic from a number of attack sites.
The major task of any defense system is to detect these attacks accurately and quickly,
before it causes an unrecoverable loss. Most of the research in this regard has been
focused on the detection techniques without exploiting spatial placement of detection
system in a network. The ideal way to completely eliminate the DDoS threat is to run
detection mechanism on every node in the network, which is not a practical solution. In
this paper, we focus on the optimized placement of detection nodes in a network for
distributed detection of DDoS attacks which not only minimize the number of these
node required but also reduce the cost, processing overheads and larger delays in
identifying an attack. We examine the placement problem of finding a minimum
cardinality set of nodes to detect DDoS attacks such that no attack traffic can reach the
target without being monitored by these sensors. The placement problem is first
formulated as set packing and then as set covering. The solution to both of these
formulations is NP hard; therefore, two efficient heuristic algorithms are presented and
compared for minimizing the number of detection nodes and finding the optimal
placement in a network, thus preventing the impact of distributed attacks. Both
algorithms give a near optimal number of detection nodes.
M.H. Islam, K. Nadeem, S. A Khan. (2009) Optimal Sensor Placement for Detection against Distributed Denial of Service Attacks, Pakistan Journal of Engineering and Applied Sciences, Volume 4, Issue 1.
-
Views
1970 -
Downloads
153
Article Details
Volume
Issue
Type
Language
