Proceedings ArticleDOI
TDFA: Traceback-Based Defense against DDoS Flooding Attacks
Vahid Aghaei Foroushani,A. Nur Zincir-Heywood +1 more
- pp 597-604
TLDR
A Trace back-based Defense against DDoS Flooding Attacks (TDFA) approach, which consists of three main components: Detection, Trace back, and Traffic Control, is proposed to counter DDoS attacks.Abstract:
Distributed Denial of Service (DDoS) attacks are one of the challenging network security problems to address The existing defense mechanisms against DDoS attacks usually filter the attack traffic at the victim side The problem is exacerbated when there are spoofed IP addresses in the attack packets In this case, even if the attacking traffic can be filtered by the victim, the attacker may reach the goal of blocking the access to the victim by consuming the computing resources or by consuming a big portion of the bandwidth to the victim This paper proposes a Trace back-based Defense against DDoS Flooding Attacks (TDFA) approach to counter this problem TDFA consists of three main components: Detection, Trace back, and Traffic Control In this approach, the goal is to place the packet filtering as close to the attack source as possible In doing so, the traffic control component at the victim side aims to set up a limit on the packet forwarding rate to the victim This mechanism effectively reduces the rate of forwarding the attack packets and therefore improves the throughput of the legitimate traffic Our results based on real world data sets show that TDFA is effective to reduce the attack traffic and to defend the quality of service for the legitimate trafficread more
Citations
More filters
Journal ArticleDOI
News focusData set
TL;DR: In these data, Japanese cars have lower mileage than American cars; the coefficient on Japan contradicts the expectations and the equation explains 67% of the variation in gas mileage.
Proceedings ArticleDOI
Self-organizing map-based approaches in DDoS flooding detection using SDN
Tran Manh Nam,Phan Hai Phong,Tran Dinh Khoa,Truong Thu Huong,Pham Ngoc Nam,Nguyen Huu Thanh,Luong Xuan Thang,Pham Anh Tuan,Le Quang Dung,Vu Duy Loi +9 more
TL;DR: The experimental results show that these algorithms can reduce the processing time while maintain the suitable accuracy rate, and the proposed algorithms with their detection architecture are implemented in the Software-Defined Networking (SDN) technology which has the flexibility and programmable abilities.
Journal ArticleDOI
Inferring distributed reflection denial of service attacks from darknet
TL;DR: The extracted insights from various validated DNS DRDoS case studies lead to a better understanding of the nature and scale of this threat and can generate inferences that could contribute in detecting, preventing, assessing, mitigating and even attributing of DRDoS activities.
Journal ArticleDOI
Record route IP traceback
TL;DR: This work proposes a novel probabilistic packet marking scheme to infer forward paths from attacker sites to a victim site and enable the victim to delegate the defense to the upstream Internet Service Providers (ISPs).
Journal ArticleDOI
On Distributed Denial of Service Current Defense Schemes
TL;DR: The current DDoS defense mechanisms, their strengths and weaknesses are discussed and a need for a continual study in developing defense mechanisms is discussed.
References
More filters
Journal ArticleDOI
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense
A. Yaar,Adrian Perrig,Dawn Song +2 more
TL;DR: The StackPi marking scheme consists of two new marking methods that substantially improve Pi's incremental deployment performance: Stack-based marking and write-ahead marking, and a new filter, the PiIP filter, which can be used to detect Internet protocol spoofing attacks with just a single attack packet.
Journal ArticleDOI
IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks
Minho Sung,Jun Xu +1 more
TL;DR: A novel technique is presented that can effectively filter out the majority of DDoS traffic, thus improving the overall throughput of the legitimate traffic, and can improve the throughput of legitimate traffic by three to seven times during DDoS attacks.
Journal ArticleDOI
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Hakem Beitollahi,Geert Deconinck +1 more
TL;DR: This survey is the most complete survey that analyzes the most cited DDoS defense techniques in detail and provides an in-depth analysis of each countermeasure and enumerates strengths and challenges of each technique.
Journal ArticleDOI
On deterministic packet marking
Andrey Belenky,Nirwan Ansari +1 more
TL;DR: DPM is based on marking all packets at ingress interfaces and is capable of performing the traceback without revealing topology of the providers' network, which is a desirable quality of a traceback method.
Journal ArticleDOI
Controlling IP Spoofing through Interdomain Packet Filters
TL;DR: It is shown that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers and can help localize the origin of an attack packet to a small number of candidate networks.
Related Papers (5)
Mark-aided distributed filtering by using neural network for DDoS defense
Yang Xiang,Wanlei Zhou +1 more