A Distributed Denial-of-Service Defense System Using Leaky-Bucket-Based PacketScore (preliminary work)
Authors
Abstract
Distributed Denial of Service (DDoS) attacks have been a big threat to the Internet while no effective schemes have been proposed or deployed, leaving the Internet still vulnerable to such attacks. We propose a proactive DDoS defense scheme [Ki04] in which multiple routers form a defense perimeter. They collaboratively detect DDoS attacks, if any exist, and differentiate attacking packets from good ones by scoring every arriving packet destined to identified victims, based on its attribute values, and discard those with scores less than a dynamic threshold. Those with lower scores are more likely to be the at-
Similar resources
A High-Speed PacketScore DDoS Defense System
Distributed Denial of Service (DDoS) attacks pose a significant threat to the Internet while no effective defense schemes have been proposed or deployed. PacketScore has been proposed as a proactive DDoS defense scheme, which detects DDoS attacks, differentiates attacking packets from good ones with the use of packet scoring (scores are calculated per-packet based on the attribute values it pos...
A Four-Step Technique for Tackling DDoS Attacks
This paper proposes a novel feedback-based control technique that tackles distributed denial of service (DDoS) attacks in four consecutive phases. While protection routers close to the server control the inbound traffic rate and keep the server alive (phase 1), the server negotiates with upstream routers close to traffic sources to install leaky-buckets for its IP address. The negotiation continues...
PacketScore: A Statistical Packet Filtering Scheme against Distributed Denial-of-Service Attacks
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score o...
Defending Against Distributed Denial-of-Service Attacks With Weight-Fair Router Throttling
A high profile internet server is always a target of denial-of-service attacks. In this paper, we propose a novel technique for protecting an internet server from distributed denial-of-service attacks. The defense mechanism is based on a distributed algorithm that performs weight-fair throttling at the upstream routers. The throttling is weight-fair because the traffics destined for the server ...
Defending against Distributed Denial-of-Service Attacks with Weight-Fair Router Throttles
A high profile internet server is always a target of denial-of-service attacks. In this project, we propose a novel technique for protecting an internet server from distributed denial-of-service attacks. The defense mechanism is based on a distributed algorithm that performs weight-fair throttling at the upstream routers. The throttling is weight-fair because the traffics destined for the serve...