adaptiveDefense-SRUTI05 - Adaptive Defense Against Various...

Adaptive Defense Against Various Network Attacks

Cliff C. Zou 1, Nick Duffield 2, Don Towsley 1, Weibo Gong 1
1 University of Massachusetts, Amherst, MA
2

Abstract

In defending against various network attacks, such as Distributed Denial-of-Service (DDoS) attacks or worm attacks, a defense system needs to deal with various network conditions and dynamically changing attacks. In this paper, we introduce an “adaptive defense” principle based on cost minimization — a defense system adaptively adjusts its configurations according to the network condition and attack severity in order to minimize the combined cost introduced by false positives (misidentifying normal traffic as attack) and false negatives (misidentifying attack traffic as normal) at any time. In this way, the adaptive defense system generates fewer false alarms in normal situations (or under light attacks) with relaxed defense configurations, while protecting a network or a server more vigorously under severe attacks. Specifically, we present detailed adaptive defense system designs for defending against two major network attacks: SYN flood DDoS attack and Internet worm infection. The adaptive defense is a high-level system design that can be built on top of various non-adaptive detection and filtering algorithms, which makes it applicable for a wide range of security defenses.

1 Introduction

The current Internet is constantly under network attacks. Many defense methods and systems have been proposed to deal with these attacks. These systems typically first detect the on-going attack traffic, then block (filter) the attack traffic accordingly. Attack detection is of crucial importance in such defense systems. An imperfect detection algorithm will inevitably generate detection errors in terms of “false positives” and “false negatives”. A “false positive” means incorrectly identifying a normal packet (or connection, or host, etc.) as an attack, whereas a “false negative” means incorrectly identifying an attack as a normal one.

Most research has focused on stationary network operation with fixed configurations. However, in reality, attack detection systems have to face rapidly changing network conditions and various attack intensities. Therefore, besides finding a good detection algorithm, it is equally or more important to design an “intelligent” defense system that can automatically adjust its detection and filtering parameters to achieve the best performance possible under every possible attack situation.

We introduce an “adaptive defense principle” based on “cost minimization” — a defense system adaptively adjusts its configurations according to network conditions and “attack severity” in order to minimize the combined cost introduced by false positives and false negatives at any time. We call such a defense system an “adaptive defense system”. Compared to a traditional non-adaptive defense system, an adaptive defense system generates
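The cost-minimization principle above can be made concrete with a small model. The following Python is an added illustration, not code from the paper: the detector threshold, the exponential false-positive/false-negative curves, the traffic rates and the unit costs are all constructed assumptions, chosen only to show how the cost-minimizing configuration relaxes under light attack and tightens under a severe one.

```python
"""Adaptive defense as cost minimization (added illustration, not the paper's code)."""
import math

# Constructed, hypothetical detector model: each packet gets a score; the defense
# filters packets scoring above a threshold theta, so a higher theta is a more
# relaxed configuration.  Normal scores ~ Exp(mean 1), attack scores ~ Exp(mean 4).
def fp_rate(theta: float) -> float:
    """Fraction of normal traffic wrongly filtered at threshold theta."""
    return math.exp(-theta / 1.0)

def fn_rate(theta: float) -> float:
    """Fraction of attack traffic wrongly admitted at threshold theta."""
    return 1.0 - math.exp(-theta / 4.0)

# Candidate configurations the defense may switch between (0.25 .. 10.0).
THRESHOLDS = [i * 0.25 for i in range(1, 41)]

def combined_cost(theta: float, normal_rate: float, attack_rate: float,
                  c_fp: float = 1.0, c_fn: float = 1.0) -> float:
    """Expected cost per unit time: false positives plus false negatives,
    weighted by the measured normal rate and the estimated attack rate
    (the 'attack severity')."""
    return c_fp * normal_rate * fp_rate(theta) + c_fn * attack_rate * fn_rate(theta)

def choose_threshold(normal_rate: float, attack_rate: float,
                     c_fp: float = 1.0, c_fn: float = 1.0) -> float:
    """One adaptive step: pick the cost-minimizing configuration for the
    current network condition and attack severity."""
    return min(THRESHOLDS,
               key=lambda t: combined_cost(t, normal_rate, attack_rate, c_fp, c_fn))

def adapt(normal_rate: float, attack_rate_samples: list[float]) -> list[float]:
    """Re-tune the defense as the estimated attack severity changes over time."""
    return [choose_threshold(normal_rate, a) for a in attack_rate_samples]

if __name__ == "__main__":
    # Constructed scenario: 1000 normal packets/s, attack grows from none to severe.
    severities = [0.0, 10.0, 100.0, 1000.0]
    for a, theta in zip(severities, adapt(1000.0, severities)):
        print(f"attack_rate={a:7.1f}  chosen threshold={theta:5.2f}  "
              f"cost={combined_cost(theta, 1000.0, a):8.3f}")
```

With no attack the minimizer picks the most relaxed threshold (no false positives are worth paying for), and the chosen threshold drops monotonically as the attack rate rises.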

This note was uploaded on 08/25/2011 for the course EEL 5937 taught by Professor Staff during the Spring '08 term at University of Central Florida.
