Title :
Source-end DDoS defense
Author :
J. Mirkovic;G. Prier;P. Reiher
Author_Institution :
Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA
fDate :
6/25/1905 12:00:00 AM
Abstract :
A successful source-end DDoS (distributed denial-of-service) defense enables early suppression of the attack and minimizes collateral damage. However, such an approach faces many challenges: (a) distributing the attack hinders detection; (b) defense systems must guarantee good service to legitimate traffic during the attack; and (c) deployment costs and false alarm levels must be sufficiently small and effectiveness must be high to provide deployment incentive. We discuss each of the challenges and describe one successful design of a source-end DDoS defense system-the D-WARD system. D-WARD was implemented in a Linux router. We include experimental results to illustrate D-WARD´s performance.
Keywords :
"Telecommunication traffic","Protocols","Face detection","Computer crime","Costs","Floods","Filtering","Computer science","Linux","Contracts"
Conference_Titel :
Network Computing and Applications, 2003. NCA 2003. Second IEEE International Symposium on
Print_ISBN :
0-7695-1938-5
DOI :
10.1109/NCA.2003.1201153
