 

Title page for ETD etd-04212006-091107


Type of Document Master's Thesis
Author Cieslak, David A
Author's Email Address dcieslak@nd.edu
URN etd-04212006-091107
Title A Clustering Defense Against Distributed Denial of Service Attacks
Degree Master of Science in Computer Science and Engineering
Department Computer Science and Engineering
Advisory Committee
Advisor Name Title
Dr. Aaron Striegel Committee Chair
Dr. Christian Poellabauer Committee Member
Dr. Nitesh Chawla Committee Member
Keywords
  • Distributed Denial of Service
  • Clustering
Date of Defense 2006-04-10
Availability restricted
Abstract
Distributed Denial of Service (DDoS) attacks can quickly bring normally effective web services to a screeching halt. While there has been a significant amount of research conducted on DoS and DDoS attacks in the literature, the vast majority of the solutions focus on isolating the perceived static signature or static set of attackers. However, the noisy nature of Internet traffic coupled with sophisticated dynamic attacks negates the effectiveness of most solutions. This thesis presents Randomized Algorithms for Packet InferencE and Rejection (RAPIER), an adaptive scheme for maintaining web service despite the presence of multifaceted attacks in a noisy environment. In contrast to existing solutions that rely upon "clean" training data, a live web service environment makes finding such training data difficult if not impossible. Thus, RAPIER focuses on quickly and efficiently salvaging good connections with the realization that the chaotic nature of the live environment implicitly limits the accuracy of such detections. RAPIER employs an adaptive k-means clustering approach co-located with the load balancer to defend the legitimate connections in a mixed attack environment. I present the RAPIER approach and evaluate its performance through initial simulation surveys, which are explored further through experimental studies in a diverse attack environment ranging from SYN floods to flash crowds to zombie wget loops.
Files
  Approximate Download Time (Hours:Minutes:Seconds)

  Filename                      Size     28.8 Modem  56K Modem  ISDN (64 Kb)  ISDN (128 Kb)  Higher-speed Access
  [campus] CieslakDA042006.pdf  1.30 Mb  00:06:01    00:03:05   00:02:42      00:01:21       00:00:06
[campus] indicates that a file or directory is accessible from the campus network only.
