A Clustering Defense Against Distributed Denial of Service Attacks

Master's Thesis

Abstract

Distributed Denial of Service (DDoS) attacks can quickly bring normally effective web services to a screeching halt. While there has been a significant amount of research conducted on DoS and DDoS attacks in the literature, the vast majority of the solutions focus on isolating the perceived static signature or static set of attackers. However, the noisy nature of Internet traffic coupled with sophisticated dynamic attacks negates the effectiveness of most solutions. This thesis presents Randomized Algorithms for Packet InferencE and Rejection (RAPIER), an adaptive scheme for maintaining web service despite the presence of multifaceted attacks in a noisy environment. In contrast to existing solutions that rely upon “clean” training data, a live web service environment makes finding such training data difficult if not impossible. Thus, RAPIER focuses on quickly and efficiently salvaging good connections with the realization that the chaotic nature of the live environment implicitly limits the accuracy of such detections. RAPIER employs an adaptive k-means clustering approach co-located with the load balancer to defend the legitimate connections in a mixed attack environment. I present the RAPIER approach and evaluate its performance through initial simulation surveys, which are explored further through experimental studies in a diverse attack environment ranging from SYN floods to flash crowds to zombie wget loops.

Attributes

Attribute Name    Values
URN
  • etd-04212006-091107

Author David A Cieslak
Advisor Dr. Aaron Striegel
Contributor Dr. Nitesh Chawla, Committee Member
Contributor Dr. Christian Poellabauer, Committee Member
Contributor Dr. Aaron Striegel, Committee Chair
Degree Level Master's Thesis
Degree Discipline Computer Science and Engineering
Degree Name MSCSE
Defense Date
  • 2006-04-10

Submission Date 2006-04-21
Country
  • United States of America

Subject
  • Distributed Denial of Service

  • Clustering

Publisher
  • University of Notre Dame

Language
  • English

Record Visibility and Access Public
Content License
  • All rights reserved
