DocumentCode
524546
Title
DoS attack countermeasures in NGN using private security policy
Author
Okada, Yasuyoshi ; Nishikawa, Yasuhiro ; Sato, Naoshi
Author_Institution
Inst. of Inf. Security, Yokohama, Japan
fYear
2010
fDate
15-18 June 2010
Firstpage
1
Lastpage
6
Abstract
This paper proposes countermeasures against denial of service (DoS) attacks on the Next Generation Network (NGN). Applying a private security policy to IP packets flowing from the Internet into the NGN, the IP packets are checked and abnormal packets for DoS attacks are detected at edge routers on the NGN exit-side. An DoS attack notification is sent back from the edge routers to the entrance-side edge routers, which mark matching IP packets and send them around a loop added to their route. The feature of our method is that attack packets are delayed rather than just discarded to avoid the loss of normal packets misrecognized as attack packets by letting the end user decide their normality. This is acceptable because DoS attack packets are usually meaningless rather than dangerous. Our method eliminates attack-induced congestion and restores service provision. Its effectiveness was verified by network simulations.
Keywords
IP networks; Internet; computer network security; electronic countermeasures; DoS attack; IP packets; Internet; NGN; countermeasures; denial of service; next generation network; private security policy; Bandwidth; Communication system control; Computer crime; IP networks; Information security; Internet; Network servers; Next generation networking; Proposals; Protocols; DDoS; DoS; NGN; Personal Information Security Policy; Routing Control Method;
fLanguage
English
Publisher
ieee
Conference_Titel
Information and Telecommunication Technologies (APSITT), 2010 8th Asia-Pacific Symposium on
Conference_Location
Kuching
Print_ISBN
978-1-4244-6413-5
Electronic_ISBN
978-4-88552-244-4
Type
conf
Filename
5532028
Link To Document