Title :
Tradeoffs of DDoS solutions
Author :
Min Fan ; Jun-yan, Zhang ; Wan-pei, Li ; Yang Guo-wei
Author_Institution :
Coll. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, China
Abstract :
Distributed denial of service (DDoS) has become a serious threat to the Internet. Many schemes against DDoS attacks have been proposed, including ingress/egress filtering, IP traceback, authentication, and so on. We focus on the tradeoffs of DDoS solutions. Three tradeoffs are considered: the first is the tradeoff among space, complexity, efficiency and robustness of packet marking schemes; the second is the marking probability of the node sampling scheme; the third is the server's timeout period for three-hand-shaking. Two schemes are suggested: one combines the node append scheme with the node sampling scheme; the other sets the SYN timeout dynamically. Proper tradeoffs can be made using these schemes.
Keywords :
IP networks; Internet; message authentication; telecommunication security; IP traceback; Internet; SYN timeout; distributed denial of service; ingress/egress filtering; marking probability; message authentication; node append scheme; node sampling scheme; packet marking schemes; three-hand-shaking; Authentication; Computer crime; Computer science; Educational institutions; Information filtering; Information filters; Lubricating oils; Robustness; Sampling methods; Web and internet services;
Conference_Title :
Parallel and Distributed Computing, Applications and Technologies, 2003. PDCAT'2003. Proceedings of the Fourth International Conference on
Print_ISBN :
0-7803-7840-7
DOI :
10.1109/PDCAT.2003.1236287