Title :
Optimal filtering for denial of service mitigation
Author_Institution :
Dept. of Electr. & Comput. Eng., Univ. of Delaware, Newark, NJ, USA
Abstract :
An optimal approach to mitigation of denial of service flooding attacks is presented. The objective is to protect the server while minimizing the effect of the mitigation. The approach relies on routers filtering enough packets so that the server is not overwhelmed while ensuring that as little filtering as possible is performed. The optimal solution is to filter packets at routers through which the "attack packets" are passing. The identification of which router is forwarding the packets is carried out by routers filtering packets at time varying ratios. Then the correlation between the arrival of packets at the server and the router filtering ratios provides an indication of which routers are forwarding the attack packets. Once sufficient confidence in the identification is achieved, the routers that forward more attack packets will filter more packets than routers that forward less attack packets.
Keywords :
Internet; packet switching; telecommunication security; Internet servers; attack packets; denial of service; denial of service attacks; flooding attacks; identification; Computer crime; Floods; Gain control; Information filtering; Information filters; Internet; Protection; Resource management; Tagging; Web server;
Conference_Titel :
Decision and Control, 2002, Proceedings of the 41st IEEE Conference on
Print_ISBN :
0-7803-7516-5
DOI :
10.1109/CDC.2002.1184719
