Paper Info
Title
Real-Time Protection against DDoS Attacks Using Active Gateways
Abstract
This paper presents solutions for protecting servers against distributed denial-of-service (DDoS) attacks that inundate the system with file download and script execution requests. Our solution uses a dynamic packet filtering on dual-ported active NIC based gateways to drop attacking packets based on locally measured request rates and information from the server (such as server loading, number of incomplete connections). A variety of techniques for performing such packet filtering in real-time are discussed. A prototype implementation using a test bed of several clients, attacking machines and servers indicates that considerable improvements in the response times to legitimate requests and overall improvements in the performance of the servers are realized by the proposed scheme. As a sustained high-volume attack is started, the intelligent gateway is successful in detecting and filtering out apparently malicious traffic in only a few 10s of seconds.
Year
DOI
Venue
2005
10.1109/ICDCSW.2005.118
ICDCS Workshops
Keywords
Field
DocType
active gateways,ddos attacks,real-time protection,dual-ported active nic,file download,considerable improvement,incomplete connection,intelligent gateway,legitimate request,dynamic packet,malicious traffic,overall improvement,server loading,prototypes,active filters,test bed,ddos attack,internet,real time,file servers,distributed denial of service,testing,machine intelligence,quality of service
Denial-of-service attack,Computer science,Network packet,Server,Filter (signal processing),Quality of service,Computer network,Default gateway,Application layer DDoS attack,Operating system,The Internet
Conference
ISBN
Citations 
PageRank 
0-7695-2328-5-02
0
0.34
References 
Authors
6
2
Name
Order
Citations
PageRank
Onur Demir102.70
Kanad Ghose21220113.50