A Taxonomy of Criteria for Evaluating Defence Mechanisms against Flooding DoS Attacks

نویسنده

  • Jarmo V. E. Mölsä
چکیده

This paper describes a set of criteria for evaluating defence mechanisms against flooding denial of service (DoS) attacks. Effectiveness and usefulness of a defence mechanism in mitigating a DoS attack depends on many issues which are presented here in the form of a taxonomy. The primary goal of this taxonomy is to help in getting a comprehensive view on both the strengths and weaknesses of a specific defence mechanism. A good defence mechanism should not disturb legitimate traffic when there is no attack, should mitigate the amount of attack traffic well enough, should increase the quality of service (QoS) available to legitimate traffic during an attack, and should use as little resources in this task as possible. In addition, any defence mechanism should be robust against changes in attack characteristics and intentional misuse.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Period Based Defence Mechanism against Data flooding attacks

There is a wide usage of mobiles anywhere and anytime to access the multimedia data. Thus there will be more oppurtunity for wireless adhoc networks. Because, comparing with the wired networks, wireless networks provides low cost and easy accesibility. But the main disadvantage for Consumer electronic devices were generally operate on limited battery power and therfore are vulnerable to securit...

متن کامل

Study on Auto Detecting Defence Mechanisms against Application Layer Ddos Attacks in SIP Server

Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a powerful attack which prevents the system from providing services to its legitimate users. Several approaches exist to filter network-level attacks, but application-level attacks are harder to detect at the firewall. Filtering at application level can be computationally expensive and difficult to scale, while still creating bo...

متن کامل

Cross-domain DoS link-flooding attack detection and mitigation using SDN prin- ciples

The Denial of Service (DoS) attacks pose a major threat to Internet users and services. Since the network security ecosystem is expanding over the years, new types of DoS attacks emerge. The DoS link-flooding attacks target to severely congest certain network links disrupting Internet accessibility to certain geographical areas and services passing through these links. Since crucial services li...

متن کامل

Responsive Aggregate Defence for Denial of Service Attacks

Denial-of-service attacks have become a regular occurrence on the Internet. The current architecture of the Internet, coupled with the relative ease with which software bugs can be exploited on Internet-connected hosts, provides a fruitful environment for the creation of malicious traffic attacks. This article proposes a novel DoS defence scheme based on Active Queue Management (AQM) principles...

متن کامل

Protection Against Denial of Service Attacks: A Survey

Denial of Service (DoS) is a prevalent threat in today’s networks because DoS attacks are easy to launch, while defending a network resource against them is disproportionately difficult. Despite the extensive research in recent years, DoS attacks continue to harm, as the attackers adapt to the newer protection mechanisms. For this reason, we start our survey with a historical timeline of DoS in...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2005