Defending Against Distributed Denial of Service Attacks

The Denial of Service attack, especially the Distributed Denial of Service (DDoS) attack, has become one of the major threats to the Internet. Generally, attackers launch DDoS attacks by directing a massive number of attack sources to send useless traffic to the victim. The victim’s services are disrupted when its host or network resources are occupied by the attack traffic. The threat of DDoS attacks has become even more severe as attackers can compromise a huge number of computers by spreading a computer worm using vulnerabilities in popular operating systems. This thesis investigates DoS attacks (including DDoS attacks), and is divided into three parts. In the first part, we categorize existing defense mechanisms, and analyze their strengths and weaknesses. In particular, we design a countermeasure for each defense mechanism from the attacker’s point of view. In the second part of our investigation, we develop and evaluate three defense models for DoS attacks: the Victim Model, the Victim-Router Model, and the RouterRouter Model. Each of these models provides defense in a different part of the network, and has different resource requirements. • The Victim Model provides defense at the target or victim of an attack. We develop a novel technique for identifying attack traffic based on the connection history at the victim. We then present a history-based IP filtering algorithm to filter attack traffic in an accurate and efficient manner. A key advantage of