• DocumentCode
    3082982
  • Title

    Identifying Legitimate Clients under Distributed Denial-of-Service Attacks

  • Author

    Simpson, Steven ; Lindsay, Adam T. ; Hutchison, David

  • Author_Institution
    Comput. Dept., Lancaster Univ., Lancaster, UK
  • fYear
    2010
  • fDate
    1-3 Sept. 2010
  • Firstpage
    365
  • Lastpage
    370
  • Abstract
    Distributed Denial of Service (DDoS) attacks are a persistent, current, and very real threat to networks. Expanding upon a flexible distributed framework for network remediation utilising multiple strategies, we examine a novel fusion of methods to maximise throughput from legitimate clients and minimise the impact from attackers. The basic approach is to build up a whitelist of likely legitimate clients by observing outgoing traffic, presenting a challenge though proof-of-work, and providing flow cookies. Traffic that does not match the expected profile is likely attack traffic, and can be heavily filtered during attack conditions. After we incrementally develop this approach, we explore the positive and negative impacts of this approach upon the network and analyse potential countermeasures.
  • Keywords
    security of data; attack traffic; distributed denial-of-service attacks; legitimate client identification; Bandwidth; Computer crime; IP networks; Routing protocols; Servers; Countermeasures; DDoS; Flow cookies; Mitigation; Proof-of-work; Remediation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network and System Security (NSS), 2010 4th International Conference on
  • Conference_Location
    Melbourne, VIC
  • Print_ISBN
    978-1-4244-8484-3
  • Electronic_ISBN
    978-0-7695-4159-4
  • Type

    conf

  • DOI
    10.1109/NSS.2010.77
  • Filename
    5635632
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3082982