Detection of the Portent of Distributed DoS Attacks on the Internet AS-level Topology

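  • 강구홍 (Department of Information and Communication Engineering, Seowon University)
  • 이희만 (Department of Multimedia Engineering, Seowon University)
  • 김익균 (Knowledge Information Security Research Division, ETRI)
  • 오진태 (Knowledge Information Security Research Division, ETRI)
  • 장종수 (Knowledge Information Security Research Division, ETRI)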
  • Received : 2009.11.24
  • Accepted : 2010.06.16
  • Published : 2010.10.15

Abstract

Despite many efforts to obtain an accurate picture of the Internet's structure at the level of individual ASes, there are few applied works that use the AS-level Internet topology. In this paper, we show that a power law fits the number of downstream customer ASes very well, and we also present the distributions of AS links using the "public view" from the UCLA IRL laboratory. Moreover, we obtain the distributions of source-destination pairs of routing hops for two sites in Korea and the United States, and then we propose a new method to decide the randomness of Internet traffic using the obtained distributions and the BGP valley-free routing policy. The randomness of traffic must be a portent of an outbreak of distributed denial-of-service attacks.

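Despite the effort devoted to obtaining the exact connectivity structure at the level of individual ASes, applied studies that use this AS-level Internet topology are very rare. In this paper, using data provided by the UCLA IRL laboratory, we examine the power-law characteristics of the distribution of downstream ASes of AS nodes, and the distribution of AS links, which plays the most important role in the structure of Internet routing paths. In addition, we investigate the distribution of (source-destination) routing hop counts centered on sites in Korea and the United States, and, using these distributions and the characteristics of the BGP valley-free routing policy, we present a method for discovering signs of a DDoS attack at the Internet AS level, based on the randomness of Internet traffic expected during a distributed denial-of-service (DDoS) attack.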
