Title :
A source address filtering firewall to defend against denial-of-service attacks
Author :
Xu, Yi ; Lee, Henry C J
Author_Institution :
Inst. for Infocomm Res., Singapore, Singapore
Abstract :
Denial-of-service (DoS) attacks exploit a very fundamental fact that the computation and bandwidth resources of their targets are limited. When the attackers generate large volume of useless packets to deplete the available resources of the targets, the targets are unable to accommodate the legitimate service requests. This paper proposes a firewall mechanism that tries to filter off the malicious packets when the protected network is under DoS attacks. The idea is to judge the legitimacy status of each incoming packet from its source address in a statistical way. The scheme utilizes the traffic intensity difference between the legitimate users and the malicious attackers to make this determination in real time. The proposed firewall mechanism can be used to protect both wired and wireless networks.
Keywords :
authorisation; computer network management; telecommunication traffic; DoS attacks; denial-of-service attacks; firewall; protected network; source address filtering; traffic intensity difference; wired networks; wireless networks; Bandwidth; Communication system security; Computer crime; Filtering; History; Internet; Monitoring; Protection; Statistics; Telecommunication traffic;
Conference_Titel :
Vehicular Technology Conference, 2004. VTC2004-Fall. 2004 IEEE 60th
Print_ISBN :
0-7803-8521-7
DOI :
10.1109/VETECF.2004.1404673
