Proceedings ArticleDOI
TDFA: Traceback-Based Defense against DDoS Flooding Attacks
Vahid Aghaei Foroushani,A. Nur Zincir-Heywood +1 more
- pp 597-604
TLDR
A Trace back-based Defense against DDoS Flooding Attacks (TDFA) approach, which consists of three main components: Detection, Trace back, and Traffic Control, is proposed to counter DDoS attacks.Abstract:
Distributed Denial of Service (DDoS) attacks are one of the challenging network security problems to address The existing defense mechanisms against DDoS attacks usually filter the attack traffic at the victim side The problem is exacerbated when there are spoofed IP addresses in the attack packets In this case, even if the attacking traffic can be filtered by the victim, the attacker may reach the goal of blocking the access to the victim by consuming the computing resources or by consuming a big portion of the bandwidth to the victim This paper proposes a Trace back-based Defense against DDoS Flooding Attacks (TDFA) approach to counter this problem TDFA consists of three main components: Detection, Trace back, and Traffic Control In this approach, the goal is to place the packet filtering as close to the attack source as possible In doing so, the traffic control component at the victim side aims to set up a limit on the packet forwarding rate to the victim This mechanism effectively reduces the rate of forwarding the attack packets and therefore improves the throughput of the legitimate traffic Our results based on real world data sets show that TDFA is effective to reduce the attack traffic and to defend the quality of service for the legitimate trafficread more
Citations
More filters
Dissertation
Darknet as a Source of Cyber Threat Intelligence: Investigating Distributed and Reflection Denial of Service Attacks
TL;DR: A DDoS inference and forecasting model that aims at providing insights to organizations, security operators and emergency response teams during and after a DDoS attack, and a novel approach to infer and characterize Internet-scale DRDoS attacks by leveraging the darknet space.
Proceedings ArticleDOI
Survey of DOS defense mechanisms
TL;DR: This paper surveys the different defense mechanisms available for the denial of service attacks and suggests a number of approaches to address these threats.
Journal ArticleDOI
Speedily, efficient and adaptive streaming algorithms for real-time detection of flooding attacks
Hsin-Chang Lin,Guanling Lee +1 more
Book ChapterDOI
A Distributed Mechanism to Protect Against DDoS Attacks
TL;DR: Responsive Point Identification using Hop distance and Attack estimation rate (RPI-HA) is proposed that when deployed is able to filter out attack traffic and allow legitimate traffic in the event of an attack.
Book ChapterDOI
Optimization Scheme for Traceability of Distributed Denial of Service Attacks Based on Dynamic Probability Packet Marking
TL;DR: A new optimization scheme based on dynamic probabilistic packet marking (DPPM), where the IP address information of the router is marked in the form of dynamic probability to some available fields of the packet header, which has good a performance based on DDOS attack traceability.
References
More filters
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
P. Ferguson,D. Senie +1 more
TL;DR: A simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point is discussed.
Journal ArticleDOI
Controlling high bandwidth aggregates in the network
TL;DR: The design involves both a local mechanism for detecting and controlling an aggregate at a single router, and a cooperative pushback mechanism in which a router can ask upstream routers to control an aggregate.
Proceedings Article
Centertrack: an IP overlay network for tracking DoS floods
TL;DR: This system simplifies the work required to determine the ingress adjacency of a flood attack while bypassing any equipment which may be incapable of performing the necessary diagnostic functions.
Journal ArticleDOI
Improving security using extensible lightweight static analysis
David Evans,David Larochelle +1 more
TL;DR: This article describes an extensible tool that uses lightweight static analysis to detect common security vulnerabilities (including buffer overflows and format string vulnerabilities).
Proceedings ArticleDOI
SIFF: a stateless Internet flow filter to mitigate DDoS flooding attacks
A. Yaar,Adrian Perrig,Dawn Song +2 more
TL;DR: This paper presents SIFF, a Stateless Internet Flow Filter, which allows an end-host to selectively stop individual flows from reaching its network, without any of the common assumptions listed above.
Related Papers (5)
Mark-aided distributed filtering by using neural network for DDoS defense
Yang Xiang,Wanlei Zhou +1 more