IEEE CIT 2008

Keynote Speaker: Prof. Wanlei Zhou, Deakin University, Australia

Title:
Detection and Traceback of DDoS attacks.

Presenter:
Prof. Wanlei Zhou
Chair of Information Technology, Associate Dean, Faculty of Science and Technology,
Deakin University, Melbourne, Australia, wanlei@deakin.edu.au.

Abstract:
Distributed Denial-of-Service (DDoS) attacks are a huge threat to the Internet. Because it is easy to change the source addresses of IP packets, plus the memory-less feature of the Internet, it is extremely hard to defend against DDoS attacks. In this talk, we discuss two particular challenges in dealing with DDoS attacks: the discrimination of DDoS attacks from fresh cloud traffic and the traceback of attack packets to their origins, and propose a number of methods to deal with these challenges. The talk is divided into the following three parts:

An overview of existing techniques in dealing with DDoS attacks.
Detection of network behavior mimicking DDoS attacks.
Trace IP packets of DDoS attacks.

So far, there is no effective and efficient algorithm available to defend against mimicking traffic patterns of flash crowds -- legitimate dramatic surge of accessing to a service site for special events (such as breaking news) -- in DDoS attack traffic. We propose to use entropy rate and information distance to discriminate DDoS attack traffic from flash crowd traffic. Our simulations demonstrated that the proposed methods are effective and efficient in achieving the two goals: raising DDoS alarm as early as possible and discriminating DDoS attacks from flash events.

IP traceback is the ability to trace IP packets to their origins. It provides a security system with the capability of identifying the true sources of attacking IP packets. The main challenge of IP traceback mechanisms is to find the sources of IP packets quickly and precisely. We propose the Flexible Deterministic Packet Marking (FDPM) method, which can achieve better tracing capability over other IP traceback mechanisms. In addition to simulation, we also discuss our implementation of the FDPM scheme on the Click modular router to demonstrate the efficiency and effectiveness of the scheme.

Brief Bio:
Professor Wanlei Zhou received the B.Eng (Computer Science and Engineering) and M.Eng (Computer Science and Engineering) degrees from Harbin Institute of Technology, Harbin, China in 1982 and 1984, respectively, and the PhD degree from The Australian National University, Canberra, Australia, in 1991. He also received a DSc degree (a higher Doctorate degree) from Deakin University in 2002 for his "substantial contribution to knowledge and authoritative standing" in the field of distributed computing. He is the Associate Dean of Faculty of Science and Technology and Chair of Information Technology, Deakin University. Before joining Deakin University, Professor Zhou has been a system programmer in HP at Massachusetts, USA; a lecturer in Monash University, Melbourne, Australia; and a lecturer in National University of Singapore, Singapore. His research interests include theory and practical issues of building distributed systems, security and reliability of computer networks, bioinformatics, and e-learning.

Professor Zhou has published more than 170 papers in refereed international journals and refereed international conferences proceedings. Professor Zhou has edited 5 books and authored 1 book. He has also chaired a number of international conferences.