Title
Proactive control of distributed denial of service attacks with source router preferential dropping
Abstract
Summary form only given. A distributed denial of service (DDoS) attack is an explicit attempt to interrupt an online service by generating a high volume of malicious traffic. These attacks consume all available network resources, thus rendering legitimate users unable to access the services. Most existing solutions propose to detect and drop attack packets at or near the destination network where the attack packets have already traversed the network and consumed considerable bandwidth. The aggregate traffic at the destination router may consist of hundreds of thousands of flows making it hard for the router to distinguish between legitimate and malicious packets. So, collateral damage is unavoidable. In this paper, we present a source router preferential dropping (SRPD) scheme to detect possible DDoS attacks and defeat them at their sources. SRPD monitors only high-rate outgoing flows at source networks and preferentially drops the packets belonging to these flows when it senses the existence of an attack. A simulation model is constructed and a number of simulation experiments have been conducted to evaluate the performance of the proposed scheme. Simulation results show that SRPD effectively controls DDoS attacks at their sources and reduces collateral damage to a minimum level.
Year
2005
DOI
10.1109/AICCSA.2005.1387064
Venue
AICCSA
Keywords
packet switching,distributed denial of service attack,high-rate outgoing flow,collateral damage reduction,destination router,destination network,online service interruption,simulation experiment,service attack,source router,attack packet,collateral damage,high volume malicious traffic,available network resource,simulation model,drop attack packet,packet dropping,possible ddos attack,telecommunication control,telecommunication security,telecommunication traffic,telecommunication network routing,source router preferential dropping scheme,proactive control,network resources,ddos attack,security of data,internet,distributed denial of service,bandwidth
Field
Interrupt,Denial-of-service attack,Packet drop attack,Computer security,Computer science,Network packet,Computer network,Packet switching,Router,Application layer DDoS attack,The Internet
DocType
Conference
ISSN
2161-5322
ISBN
0-7803-8735-X
Citations
4
PageRank
0.44
References
7
Authors
3
Name | Order | Citations | PageRank
Yinghong Fan | 1 | 4 | 0.44
H. Hassanein | 2 | 5 | 0.88
Patrick Martin | 3 | 274 | 14.72