Automated Alerting for Black Hole Routing

Abstract

Distributed/Denial of Service (D/DoS) attacks are the most common and easy-to-launch attacks against a computer or network. Once a D/DoS attack is recognized, there are several methods available to mitigate its impact. One of the methods is to drop the attacker's traffic at the edge of the network via Null Routing, also called Black Hole Routing (BHR). BHR is more efficient than the creation and processing of access control lists. Prior work has validated the effectiveness of BHR in mitigating D/DoS attacks in a setting where the defense is activated manually. This research built upon that work and developed a proof-of-concept automated BHR process integrated with Snort, an open source Intrusion Detection System (IDS), to facilitate a faster reaction to a D/DoS attack. A real test bed consisting of Cisco routers was created to evaluate the performance of the developed system. The results demonstrated that the automation of BHR is both possible and desirable in mitigating D/DoS attacks.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2007
Accession Number
ADA474419

Entities

People

  • Vinay Puri

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Communication Channels
  • Computer Network Security
  • Computer Networks
  • Computer Programs
  • Computers
  • Cybersecurity
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Electronic Mail
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Routing Protocols
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Computational Fluid Dynamics (CFD)
  • Cybersecurity
  • Human-Computer Interaction (HCI)