A multiagent approach for detecting and mitigating DDoS attacks
Abstract
This paper describes Arquitena, a multiagent approach for detecting and mitigating DDoS attacks in Internet Service Provider (ISP) networks. Arquitena’s main property is its ability to identify situations that characterize attack scenarios, such as a large stream of packets directed to a network service or piece of equipment. This is accomplished by using a virtual network of agents that mirrors the actual network infrastructure, which tends to facilitate the detection of attack routes, the identification of malicious traffic and the protection of hypothetical victims. Together with the system’s description and rationale, we describe our preliminary prototype, which will be employed for its evaluation.
Keywords:
multiagent systems, distributed denial of service attacks, detection, mitigation, internet service providers
Published
26/05/2013
How to Cite
PEREIRA, João P. A.; SIMPLICIO JR., Marcos A.; BRANDÃO, Anarosa A. F. A multiagent approach for detecting and mitigating DDoS attacks. In: WORKSHOP-ESCOLA DE SISTEMAS DE AGENTES, SEUS AMBIENTES E APLICAÇÕES (WESAAC), 7., 2013, São Paulo/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2013. p. 61-66. ISSN 2326-5434.