• DocumentCode
    3614400
  • Title

    Source-end DDoS defense

  • Author

    J. Mirkovic;G. Prier;P. Reiher

  • Author_Institution
    Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA
  • fYear
    2003
  • fDate
    6/25/1905 12:00:00 AM
  • Firstpage
    171
  • Lastpage
    178
  • Abstract
    A successful source-end DDoS (distributed denial-of-service) defense enables early suppression of the attack and minimizes collateral damage. However, such an approach faces many challenges: (a) distributing the attack hinders detection; (b) defense systems must guarantee good service to legitimate traffic during the attack; and (c) deployment costs and false alarm levels must be sufficiently small and effectiveness must be high to provide deployment incentive. We discuss each of the challenges and describe one successful design of a source-end DDoS defense system-the D-WARD system. D-WARD was implemented in a Linux router. We include experimental results to illustrate D-WARD´s performance.
  • Keywords
    "Telecommunication traffic","Protocols","Face detection","Computer crime","Costs","Floods","Filtering","Computer science","Linux","Contracts"
  • Publisher
    ieee
  • Conference_Titel
    Network Computing and Applications, 2003. NCA 2003. Second IEEE International Symposium on
  • Print_ISBN
    0-7695-1938-5
  • Type

    conf

  • DOI
    10.1109/NCA.2003.1201153
  • Filename
    1201153
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3614400