DocumentCode
397056
Title
Proactively defeating distributed denial of service attacks
Author
Fan, Yinghong ; Hassanein, Hossam ; Martin, Pat
Author_Institution
Sch. of Comput., Queen´´s Univ., Kingston, Ont., Canada
Volume
2
fYear
2003
fDate
4-7 May 2003
Firstpage
1047
Abstract
A distributed denial of service (DDoS) attack (2001) is an explicit attempt to interrupt an online service by generating a high volume of malicious traffic. These attacks consume all available network resources, thus rendering legitimate users unable to access the services. Most existing solutions propose to detect and drop attack packets at or near the destination network where the attack packets have already traversed the network and consumed considerable bandwidth. The aggregate traffic at the destination router may consist of hundreds of thousands of flows. It is hard for the router to distinguish between legitimate and malicious packets. So, collateral damage is unavoidable. In this paper, we present a source router preferential dropping (SRPD) scheme to detect and defeat DDoS attacks at their sources. SRPD monitors only high-rate outgoing flows at source networks and preferentially drops the packets belonging to these flows when it senses an existence of an attack. A simulation model is constructed to evaluate the performance of the proposed scheme. The results show that SRPD effectively controls DDoS attacks at their sources and reduces collateral damage to a minimum level.
Keywords
Internet; packet switching; telecommunication network routing; telecommunication security; telecommunication traffic; Internet; aggregate traffic; attack packets; distributed denial of service attacks; online service; source router preferential dropping scheme; victim router; Aggregates; Authorization; Bandwidth; Computer bugs; Computer crime; Distributed computing; Filtering; TCPIP; Telecommunication traffic; Web and internet services;
fLanguage
English
Publisher
ieee
Conference_Titel
Electrical and Computer Engineering, 2003. IEEE CCECE 2003. Canadian Conference on
ISSN
0840-7789
Print_ISBN
0-7803-7781-8
Type
conf
DOI
10.1109/CCECE.2003.1226075
Filename
1226075
Link To Document