An effective DDoS attack detection and packet-filtering scheme

A distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack. a large number of compromised hosts are amassed to send useless packets to jam a victim or its Internet connection. or both. Defense against DDoS attacks as well as identification of their sources comprise demanding challenges in the realm of Internet security studies. In this paper, effective measures are proposed for detecting attacks in routers through the use of queuing models, which help detect attacks closer to the attack sources. Utilizing these measures, an effective DDoS attack detection and packet-filtering scheme is proposed. The suggested approach is a cooperative technique among routers intended to protect the network from persistent and severe congestion arising from a rapid increase in attack traffic. Through computer simulations, it is shown that the proposed scheme can trace attacks near to the attack sources, and can effectively filter attack packets.
Publisher
IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG
Issue Date
2006-07
Language
ENG
Citation

IEICE TRANSACTIONS ON COMMUNICATIONS, v.E89B, pp.2033 - 2042

ISSN
0916-8516
DOI
10.1093/ietcom/e89-b.7.2033
URI
http://hdl.handle.net/10203/2054
Appears in Collection
IE-Journal Papers(저널논문)
  • Hit : 607
  • Download : 9
  • Cited 0 times in thomson ci
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡClick to seewebofscience_button
⊙ Cited 5 items in WoSClick to see citing articles inrecords_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0