Cooperative Detecting and Responding to a DDoS Attack

H. Su and J.-B. Ju (PRC)


Keywords: Cooperative intrusion detection, adaptable response, DDoS attack, multiple domain, and alert correlation.


The most effective measure against Distributed Denial of Service (DDoS) attacks is to detect and respond to them as early as possible. Because such attacks are massive, distributed, and hard to trace, identifying them and responding properly requires extensive cooperation among intrusion detection systems (IDSs) spanning multiple administrative domains. This paper discusses the relationships between cooperating IDSs and proposes a credibility algorithm to evaluate the trustworthiness of shared messages. To improve the precision and timeliness of the IDSs, we put forward a new cooperation mechanism for IDSs distributed across different cooperation rings. It consists of a local inference engine based on backscatter packet analysis, a complex alert correlation methodology, and a cooperative, adaptable response strategy driven by the local security policy. The paper also describes MDCI, a prototype system that implements cooperative intrusion detection and response capabilities for DDoS attacks.
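The abstract names three building blocks: local inference from backscatter packets, correlation of alerts shared by other domains weighted by their credibility, and a response chosen by local policy. The following Python is an added illustration of how those three pieces fit together; it is not the paper's algorithm nor the MDCI code. The `Packet` records, the `detect_backscatter`/`correlate`/`choose_response` functions, the credibility weights, the policy table and the sample packets are all constructed assumptions for the example. The backscatter idea it uses is the standard one: a host under a spoofed-source flood answers with SYN-ACK, RST or ICMP errors that land on addresses nobody uses, so many distinct unsolicited replies from one source arriving in an unused block point at that source as the victim.

```python
"""Illustrative (not the paper's) backscatter-based DDoS inference with
credibility-weighted alert correlation across cooperating domains."""
from collections import defaultdict
from dataclasses import dataclass

# TCP flag patterns a victim emits in reply to packets it never solicited.
BACKSCATTER_FLAGS = {"SA", "R", "RA"}
ICMP_ERRORS = {"dest-unreach", "ttl-exceeded"}


@dataclass(frozen=True)
class Packet:            # assumed record shape, not a real capture format
    src: str             # sender of the observed packet (candidate victim)
    dst: str             # address inside our unused ("dark") block
    proto: str           # "tcp" or "icmp"
    flags: str           # TCP flags, or ICMP error name


def is_backscatter(p: Packet) -> bool:
    """Unsolicited replies hitting dark space: TCP SYN-ACK/RST or ICMP errors."""
    if p.proto == "tcp":
        return p.flags in BACKSCATTER_FLAGS
    if p.proto == "icmp":
        return p.flags in ICMP_ERRORS
    return False


def detect_backscatter(packets, min_targets=3):
    """Local inference: a source whose unsolicited replies reach many distinct
    dark addresses is probably answering a spoofed-source flood.
    Returns {victim_ip: confidence in [0, 1]}."""
    targets = defaultdict(set)
    for p in packets:
        if is_backscatter(p):
            targets[p.src].add(p.dst)
    alerts = {}
    for victim, dsts in targets.items():
        if len(dsts) >= min_targets:
            # confidence grows with spread and saturates at 3x the threshold
            alerts[victim] = min(1.0, len(dsts) / (3 * min_targets))
    return alerts


def correlate(domain_alerts, credibility, threshold=0.5):
    """Cross-domain correlation: weight each peer's confidence by the
    credibility our domain assigns to that peer, then sum per victim.
    domain_alerts: {domain: {victim: confidence}}; credibility: {domain: weight}."""
    score = defaultdict(float)
    for domain, alerts in domain_alerts.items():
        weight = credibility.get(domain, 0.0)   # unknown peers contribute nothing
        for victim, conf in alerts.items():
            score[victim] += weight * conf
    return {v: round(s, 3) for v, s in score.items() if s >= threshold}


# Local policy: (minimum correlated score, response), ordered high to low.
POLICY = [(1.5, "filter-upstream"), (0.9, "rate-limit"), (0.5, "monitor")]


def choose_response(score):
    """Adaptable response: the strongest action whose floor the score reaches."""
    for floor, action in POLICY:
        if score >= floor:
            return action
    return "none"


# Constructed sample traffic seen at a dark block (203.0.113.0/24 here).
SAMPLE_PACKETS = [
    Packet("198.51.100.10", "203.0.113.1", "tcp", "SA"),
    Packet("198.51.100.10", "203.0.113.2", "tcp", "SA"),
    Packet("198.51.100.10", "203.0.113.3", "tcp", "R"),
    Packet("198.51.100.10", "203.0.113.4", "icmp", "dest-unreach"),
    Packet("198.51.100.10", "203.0.113.5", "tcp", "SA"),
    Packet("198.51.100.10", "203.0.113.6", "tcp", "SA"),
    Packet("192.0.2.7", "203.0.113.9", "tcp", "S"),     # plain SYN probe, not backscatter
    Packet("192.0.2.7", "203.0.113.10", "tcp", "S"),
    Packet("192.0.2.8", "203.0.113.11", "tcp", "SA"),   # single stray reply, below threshold
]

# Constructed peer alerts and the credibility our domain assigns each peer.
PEER_ALERTS = {
    "peer-A": {"198.51.100.10": 0.8},
    "peer-B": {"198.51.100.10": 0.9, "192.0.2.50": 0.9},
}
CREDIBILITY = {"local": 1.0, "peer-A": 0.7, "peer-B": 0.2}


def run_demo():
    local = detect_backscatter(SAMPLE_PACKETS)
    correlated = correlate({"local": local, **PEER_ALERTS}, CREDIBILITY)
    response = {v: choose_response(s) for v, s in correlated.items()}
    return {"local": local, "correlated": correlated, "response": response}


if __name__ == "__main__":
    print(run_demo())
```

In the sample run the local engine flags 198.51.100.10 (six distinct dark addresses hit by its replies), two peers agree, and the combined score selects rate limiting; the claim from the low-credibility peer about 192.0.2.50 never reaches the threshold on its own, which is the point of weighting shared alerts by credibility before acting on them.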

