Download:
by Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao
http://www.ee.mu.oz.au/pgrad/taop/research/icc2003.pdf
Abstract:
In this paper, we introduce a practical scheme to defend against Distributed Denial of Service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, this history is used to decide whether to admit an incoming IP packet. Unlike other proposals to defend against DDoS attacks, our scheme works well during highly-distributed DDoS attacks, i.e., from a large number of sources. We present several heuristic methods to make the IP address database accurate and robust, and we present experimental results that demonstrate the effectiveness of our scheme in defending against highly-distributed DDoS attacks.
Citations
| Count | Title | Authors | Year |
|---|---|---|---|
| 687 | Space/time trade-offs in hash coding with allowable errors | Bloom | 1970 |
| 351 | Practical network support for IP traceback | Savage, Wetherall, et al. | 2000 |
| 314 | Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing | Ferguson, Senie | |
| 162 | Implementing Pushback: Router-Based Defense Against DDoS Attacks | Ioannidis, Bellovin | 2002 |
| 162 | Advanced and authenticated marking schemes for IP traceback | Song, Perrig | 2001 |
| 151 | Controlling high bandwidth aggregates in the network | Mahajan, Bellovin, et al. | 2002 |
| 139 | An algebraic approach to IP traceback | Dean, Franklin, et al. | 2002 |
| 122 | Flash crowds and denial of service attacks: Characterization, and implications for CDNs and web sites | Jung, Krishnamurthy, et al. | 2002 |
| 94 | An analysis of using reflectors for distributed denial-of-service attacks | Paxson | 2001 |
| 93 | Hash-based IP traceback | Snoeren | 2001 |
| 70 | MULTOPS: A Data-Structure for Bandwidth Attack Detection | Gil, Poletto | 2001 |
| 47 | Defending Against Distributed Denial-of-Service Attacks with Max-min Fair Server-centric Router Throttles | Yau, Lui, et al. | |
| 36 | ICMP Traceback Messages. Internet Draft: draft-bellovin-itrace-00.txt | Bellovin | 2000 |
| 29 | Trends in denial of service attack technology | Houle, Weaver | 2001 |
| 22 | A probabilistic approach to detecting network scans | Leckie, Kotagiri | 2002 |
| 8 | Analyzing Distributed Denial of Service Attack Tools: The Shaft Case | Dietrich, Long, et al. | 2000 |
| 8 | Adjusted probabilistic packet marking for IP traceback | Peng, Leckie, et al. | 2002 |
| 7 | On the effectiveness of router-based packet filtering for distributed DoS attack prevention in power-law internets | Park, Lee | 2001 |
| 5 | Defending against distributed denial of service attack using selective pushback | Peng, Leckie, et al. | 2002 |
| 2 | Inferring internet Denial-of-Service activity | Moore, Voelker, et al. | 2001 |