Mitigating Flooding-Based DDoS Attacks by Stochastic Fairness Queueing
نویسنده
چکیده
Flooding-based DDoS attacks is a very common way to attack a victim machine by directly or indirectly sending a large amount of malicious traffic to it. Stochastic Fairness Queueing (SFQ) is a typical implementation of Fair Queueing. This paper focuses on exploring the feasibility of mitigating flooding-based DDoS attacks by queueing disciplines. A comparative study is made between SFQ and FCFS (First Come First Served) on their efficacy and robustness in mitigating UDP flooding, a typical flooding-based DDoS attack. Simulation results based on Network Simulator 2 show FCFS has little effect on mitigating UDP flooding while SFQ is more effective and more robust.
منابع مشابه
New Approach to Mitigating Distributed Service Flooding Attacks
Distributed denial of service (DDoS) attacks pose great threat to the Internet and its public services. Various computation-based cryptographic puzzle schemes have been proposed to mitigate DDoS attacks when detection is hard or has low accuracy. Yet, existing puzzle schemes have shortcomings that limit their effectiveness in practice. First, the effectiveness of computation-based puzzles decre...
متن کاملF-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management
Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...
متن کاملMitigating Network-Based Denial-of-Service Attacks with Client Puzzles
Over the past few years, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks have become more of a threat than ever. These attacks are aimed at denying or degrading service for a legitimate user by any means necessary. The need to propose and research novel methods to mitigate them has become a critical research issue in network security. Recently, client puzzle protocols h...
متن کاملA Defense Framework for Flooding-based DDoS Attacks
Distributed denial of service (DDoS) attacks are widely regarded as a major threat to the Internet. A flooding-based DDoS attack is a very common way to attack a victim machine by sending a large amount of malicious traffic. Existing networklevel congestion control mechanisms are inadequate in preventing service quality from deteriorating because of these attacks. Although a number of technique...
متن کاملClassification of UDP Traffic for DDoS Detection
UDP traffic has recently been used extensively in flooding-based distributed denial of service (DDoS) attacks, most notably by those launched by the Anonymous group. Despite extensive past research in the general area of DDoS detection/prevention, the industry still lacks effective tools to deal with DDoS attacks leveraging UDP traffic. This paper presents our investigation into the proportiona...
متن کامل