usenix conference policies
Adaptive Defense Against Various Network Attacks
In defending against various network attacks, such as Distributed Denial-of-Service (DDoS) attacks or worm attacks, a defense system needs to deal with various network conditions and dynamically changing attacks. In this paper, we introduce an ``adaptive defense" principle based on cost minimization -- a defense system adaptively adjusts its configurations according to the network condition and attack severity in order to minimize the combined cost introduced by false positives (misidentify normal traffic as attack) and false negatives (misidentify attack traffic as normal) at any time. In this way, the adaptive defense system generates fewer false alarms in normal situations (or under light attacks) with relaxed defense configurations, while protecting a network or a server more vigorously under severe attacks. Specifically, we present detailed adaptive defense system designs for defending against two major network attacks: SYN flood DDoS attack and Internet worm infection. The adaptive defense is a high-level system design that can be built on top of various non-adaptive detection and filtering algorithms, which makes it applicable for a wide range of security defenses.
author = {Cliff C. Zou and Don Towsley and Weibo Gong},
title = {Adaptive Defense Against Various Network Attacks},
booktitle = {Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI 05)},
year = {2005},
address = {Cambridge, MA},
url = {https://www.usenix.org/conference/sruti-05/adaptive-defense-against-various-network-attacks},
publisher = {USENIX Association},
month = jul
}
connect with us