course participants course announcements about this wiki questionnaires and assignments slides of presentations course schedule related resources Gerhard Fischer Hal Eden Mohammad Al-Mutawa Ashok Basawapatna Lee Becker Jinho Daniel Choi Guy Cobb Holger Dick Nwanua Elumeze Soumya Ghosh Rhonda Hoenigman elided#1 Dan Knights Kyu Han Koh elided#2 Yu-Li Liang Paul David Marshall Keith Maull Jane Kathryn Meyers John Michalakes Michael Wilson Otte Deleted Page Joel Pfeiffer Caleb Timothy Phillips Dola Saha deleted |
D-WARD: Source-End Defense Against Distributed Denial-of-Service Attacks Jelena Mirkovic University of California at Los Angeles This PhD thesis basically proposes a new approach to build a network security system. It takes a different direction to achieve a goal. This source-end defense system, called D-WARD, is located at networks that are hosting some of the attack machines, not the victims’ machines. D-WARD monitors and polices the outgoing traffic from those networks, thus controlling attacks. This system provides a highly selective response to distributed denial-of-service (DDoS) attacks, inflicting almost no damage to legitimate traffic. D-WARD needs to be installed at the network hosting attack machines, otherwise it will not be able to protect the legitimate clients from attacks. This thesis begins with the summary of the DDoS problem. The author describes the basis of DDoS attacks. She also explains the characteristics of good DDoS defense in order to effectively protect the network. They are distributed, selective, adaptive and customizable. Then comes the D-WARD solution. D-WARD adheres to several principles that are main contributors to its good performance. Firstly, it makes very few assumptions. It is only aware of its policy address set and it observes symmetric traffic. Secondly, it detects legitimate, not attack behavior. The author argues that a system that detects malicious behavior becomes useless as soon as the attack changes and detecting legitimate traffic might be a better solution. Thirdly, it builds model based on protocol specification rather than on observed behavior. Next, it applies dynamic response. Due to the possibility of its observations and actions occasionally be wrong or the network conditions change, D-WARD frequently reevaluates its response and adjusts itself promptly to observations. D-WARD also has modular design, which enables easy modifications and integration with other defense systems. Lastly, it is an autonomous system. If D-WARD is integrated with other defense systems, it can achieve excellent performance in autonomous operation, as has been demonstrated in numerous experiments performed by the authors and by independent evaluators. The author argues that to solve a distributed DoS problem requires a distributed solution. D-WARD is only one of the building blocks of the complete solution to enhance Internet security. D-WARD even shows the improved performance when combined with other defense systems. I think the author did the job very well in explaining the basis of network security, the definition and goals of distributed denial-of-service attacks and the approach she took to describe how the system works so that the person who has little of knowledge in network security like me can easily understand the concepts. I like the source-end approach as it is an easy yet effective way to tackle network security problems. People in security community always think the way to protect the victims by installing the defense system at the victims’ ends, but this work just looked at the other way. The performance results are very thorough and detailed; the author experimented the D-WARD system with many kinds of attacks to make certain it really works. I also like that the author uses the protocol specification to catch the legitimate traffic instead of attackers’ traffic. Last modified 24 November 2007 at 2:57 pm by panichsa |