Path attestation scheme to avert DDoS flood attacks
Raktim Bhattacharjee,S. Sanand,S. V. Raghavan +2 more
- pp 397-408
TLDR
The Path Attestation Scheme coupled with a metric called "Confidence Index" was able to successfully distinguish between malicious and genuine traffic, 85% of the time, and presupposes support from a fraction of routers in the path.Abstract:
DDoS mitigation schemes are increasingly becoming relevant in the Internet. The main hurdle faced by such schemes is the “nearly indistinguishable” line between malicious traffic and genuine traffic. It is best tackled with a paradigm shift in connection handling by attesting the path. We therefore propose the scheme called “Path Attestation Scheme” coupled with a metric called “Confidence Index” to tackle the problem of distinguishing malicious and genuine traffic in a progressive manner, with varying levels of certainty. We support our work through an experimental study to establish the stability of Internet topology by using 134 different global Internet paths over a period of 16 days. Our Path Attestation Scheme was able to successfully distinguish between malicious and genuine traffic, 85% of the time. The scheme presupposes support from a fraction of routers in the path.read more
Citations
More filters
Journal ArticleDOI
A Review of Constraint Programming
Poonam Dabas,Vaishali Cooner +1 more
TL;DR: Constraint programming is an emergent field in operations research that focuses on the constraints and variables domain rather than the objective functions and finds a feasible solution rather than optimization.
Journal ArticleDOI
Identifying legitimate user in DDoS attack using Petri net
TL;DR: In this article , the authors present an approach to develop and verify a method for modeling of network attacks either at server side or client side, and prove that the method enables one to design models resembling the same behaviour of attacks that support the detection process of selected network attacks and facilitate the application of countermeasures.
Journal ArticleDOI
ROUTER BASED MECHANISM FOR MITIGATION OF DDoS ATTACK- A SURVEY
TL;DR: This paper focuses on Distributed Denial of Service attack, surveys, classification and also proposed mitigation techniques revealed in literature by various researchers.
References
More filters
Journal ArticleDOI
A taxonomy of DDoS attack and DDoS defense mechanisms
Jelena Mirkovic,Peter Reiher +1 more
TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
P. Ferguson,D. Senie +1 more
TL;DR: A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
Journal ArticleDOI
End-to-end routing behavior in the Internet
TL;DR: It is found that Internet paths are heavily dominated by a single prevalent route, but that the time periods over which routes persist show wide variation, ranging from seconds up to days.
Proceedings ArticleDOI
Implementing Pushback : Router-Based Defense Against DDoS Attacks
TL;DR: This paper presents an architecture for Pushback, its implementation under FreeBSD, and suggestions for how such a system can be implemented in core routers.
Proceedings ArticleDOI
Pi: a path identification mechanism to defend against DDoS attacks
A. Yaar,Adrian Perrig,Dawn Song +2 more
TL;DR: Pi (short for path identifier), a new packet marking approach in which a path fingerprint is embedded in each packet, enabling a victim to identify packets traversing the same paths through the Internet on a per packet basis, regardless of source IP address spoofing.
Related Papers (5)
SDN-based DDoS Attack Mitigation Scheme using Convolution Recursively Enhanced Self Organizing Maps
Pillutla Harikrishna,A. Amuthan +1 more
An Autonomous Framework for Early Detection of Spoofed Flooding Attacks
S. Malliga,Tamilarasi Angamuthu +1 more