Distributed Defence Against Denial of Service Attacks: A Practical View
نویسندگان
چکیده
In recent years, Denial of Service attacks have evolved into a predominant network security threat. In our previous work, we identified the necessary building blocks for an effective defence mechanism and suggested ways to integrate them. Here, we present the results of this integration on the DoS-resilience of a real networking testbed which runs the Self-Aware CPN routing protocol. The incoming traffic at each node is monitored with a detection mechanism that is based on maximum likelihood estimation. In response to high probability of attack, the traffic is ratelimited proportionally to the measured probability. We illustrate the results of the experiments we have performed to demonstrate the efficiency of the distributed defence system that we propose.
منابع مشابه
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
متن کاملNeural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملCooperative Defence Against DDoS Attacks
Distributed denial of service (DDoS) attacks on the Internet have become an immediate problem. As DDoS streams do not have common characteristics, currently available intrusion detection systems (IDS) cannot detect them accurately. As a result, defend DDoS attacks based on current available IDS will dramatically affect legitimate traffic. In this paper, we propose a distributed approach to defe...
متن کاملA Taxonomy of Criteria for Evaluating Defence Mechanisms against Flooding DoS Attacks
This paper describes a set of criteria for evaluating defence mechanisms against flooding denial of service (DoS) attacks. Effectiveness and usefulness of a defence mechanism in mitigating a DoS attack depends on many issues which are presented here in the form of a taxonomy. The primary goal of this taxonomy is to help in getting a comprehensive view on both the strengths and weaknesses of a s...
متن کاملHoneypots for Distributed Denial of Service Attacks
Distributed Denial-of-Service attacks are still a big threat to the Internet. Several proposals for coping with the attacks have been made in the recent past, but neither of them are successful on themselves alone. In this paper, we present a system that helps in the defence in depth of a network from DDoS attacks. In addition to state-of-art active and passive security defences, we propose a h...
متن کامل