Abstract | ||
---|---|---|
Distributed Denial of Service (DDoS) attacks are a persistent, current, and very real threat to networks. Expanding upon a flexible distributed framework for network remediation utilising multiple strategies, we examine a novel fusion of methods to maximise throughput from legitimate clients and minimise the impact from attackers. The basic approach is to build up a whitelist of likely legitimate clients by observing outgoing traffic, presenting a challenge though proof-of-work, and providing flow cookies. Traffic that does not match the expected profile is likely attack traffic, and can be heavily filtered during attack conditions. After we incrementally develop this approach, we explore the positive and negative impacts of this approach upon the network and analyse potential countermeasures. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1109/NSS.2010.77 | NSS |
Keywords | Field | DocType |
legitimate client,outgoing traffic,attack condition,identifying legitimate clients,denial-of-service attacks,likely legitimate client,network remediation,basic approach,flow cooky,analyse potential countermeasures,likely attack traffic,expected profile,ddos attack,countermeasures,ddos,proof of work,bandwidth,routing protocols,distributed denial of service,servers,remediation,incremental development,persistent current | Countermeasure,Proof-of-work system,Denial-of-service attack,Computer security,Computer science,Server,Computer network,Whitelist,Throughput,Routing protocol | Conference |
Citations | PageRank | References |
0 | 0.34 | 10 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Steven Simpson | 1 | 48 | 9.95 |
adam t lindsay | 2 | 88 | 11.29 |
David Hutchison | 3 | 1781 | 201.46 |