A Distributed Denial-of-Service Defense System Using Leaky-Bucket-Based PacketScore (preliminary work)

نویسندگان

  • Paulo Ayres
  • Huizhong Sun
  • H. Jonathan Chao
  • Wing C. Lau
چکیده

Distributed Denial of Service (DDoS) attacks have been a big threat to the Internet while no effective schemes have been proposed or deployed, leaving the Internet still vulnerable to such attacks. We propose a proactive DDoS defense scheme [Ki04] by having multiple routers form a defense perimeter. They collaboratively detect DDoS attacks, if exist, and differentiate attacking packets from good ones by scoring every arrival packet destined to identified victims, based on its attribute values, and discard those with scores less than a dynamic threshold. Those with lower scores are more likely to be the at-

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A High-Speed PacketScore DDoS Defense System

Distributed Denial of Service (DDoS) attacks pose a significant threat to the Internet while no effective defense schemes have been proposed or deployed. PacketScore has been proposed as a proactive DDoS defense scheme, which detects DDoS attacks, differentiates attacking packets from good ones with the use of packet scoring (scores are calculated per-packet based on the attribute values it pos...

متن کامل

A Four-StepTechnique forTackling DDoS Attacks

This paper proposes a novel feedback-based control technique that tackles distributed denial of service (DDoS) attacks in four consecutive phases. While protection routers close to the server control inbound traffic rate and keeps the server alive (phase 1), the server negotiate with upstream routers close to traffic sources to install leaky-buckets for its IP address. The negotiation continues...

متن کامل

PacketScore: A Statistical Packet Filtering Scheme against Distributed Denial-of-Service Attacks

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score o...

متن کامل

Defending Against Distributed Denial-of-Service Attacks With Weight-Fair Router Throttling

A high profile internet server is always a target of denial-of-service attacks. In this paper, we propose a novel technique for protecting an internet server from distributed denial-of-service attacks. The defense mechanism is based on a distributed algorithm that performs weight-fair throttling at the upstream routers. The throttling is weight-fair because the traffics destined for the server ...

متن کامل

Defending against Distributed Denial-of-Service Attacks with Weight-Fair Router Throttles

A high profile internet server is always a target of denial-of-service attacks. In this project, we propose a novel technique for protecting an internet server from distributed denial-of-service attacks. The defense mechanism is based on a distributed algorithm that performs weight-fair throttling at the upstream routers. The throttling is weight-fair because the traffics destined for the serve...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2006