A Proactive Statistical Defense Solution for DDOS Attacks in Active Networks

Jayashree Padmanabhan, K. S. Easwarakumar, V. Anandharaman, K. Aswin, S. Vijay
{"title":"A Proactive Statistical Defense Solution for DDOS Attacks in Active Networks","authors":"Jayashree Padmanabhan, K. S. Easwarakumar, V. Anandharaman, K. Aswin, S. Vijay","doi":"10.1109/ICETET.2008.184","DOIUrl":null,"url":null,"abstract":"A distributed denial of service attack is coordinated and synchronized set of comprehensive attacks on a sophisticated network and its services that hampers the network infrastructure thereby bringing down its performance. Its effects are characterized by the uninformed delays and interruptions accompanied by undue losses. Since no optimal methodology exists, the internet continues to remain susceptible to DDoS attacks. The PacketScore scheme is a practical DDoS defense mechanism, which approximates the authenticity of the packets concerning its attribute values and discards selective attack packets. This paper extends the PacketScore scheme and implements a new two-level filtering mechanism using leaky bucket that can lessen the losses created by the attacks. The proposed scheme validates the data signatures of the packets complementing the check performed on the packet header. This two-level scrutiny enhances the correctness of detection of DDoS attacks. A standard model to review the efficiency of the two-level filtering has been proposed and the scheme has been deployed and tested in ANTS active network tool kit. The implementation of the proposed scheme is easy let alone efficient and effective in DDoS attack detection with an accurate response to varying DDoS attacks.","PeriodicalId":269929,"journal":{"name":"2008 First International Conference on Emerging Trends in Engineering and Technology","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 First International Conference on Emerging Trends in Engineering and Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICETET.2008.184","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 10

Abstract

A distributed denial of service attack is coordinated and synchronized set of comprehensive attacks on a sophisticated network and its services that hampers the network infrastructure thereby bringing down its performance. Its effects are characterized by the uninformed delays and interruptions accompanied by undue losses. Since no optimal methodology exists, the internet continues to remain susceptible to DDoS attacks. The PacketScore scheme is a practical DDoS defense mechanism, which approximates the authenticity of the packets concerning its attribute values and discards selective attack packets. This paper extends the PacketScore scheme and implements a new two-level filtering mechanism using leaky bucket that can lessen the losses created by the attacks. The proposed scheme validates the data signatures of the packets complementing the check performed on the packet header. This two-level scrutiny enhances the correctness of detection of DDoS attacks. A standard model to review the efficiency of the two-level filtering has been proposed and the scheme has been deployed and tested in ANTS active network tool kit. The implementation of the proposed scheme is easy let alone efficient and effective in DDoS attack detection with an accurate response to varying DDoS attacks.
针对活跃网络中DDOS攻击的主动统计防御方案
分布式拒绝服务攻击是指对复杂的网络及其服务进行协调、同步的综合攻击,使网络基础设施受到阻碍,从而导致网络性能下降。其影响的特点是不知情的延误和中断伴随着不应有的损失。由于没有最佳的方法存在,互联网仍然容易受到DDoS攻击。PacketScore方案是一种实用的DDoS防御机制,它根据报文的属性值逼近报文的真实性,并选择性地丢弃攻击报文。本文对PacketScore方案进行了扩展,利用泄漏桶实现了一种新的两级过滤机制,减少了攻击造成的损失。提出的方案验证数据包的数据签名,以补充对数据包头进行的检查。这种两级检测增强了DDoS攻击检测的正确性。提出了一个标准模型来评估两级滤波的效率,并在ANTS主动网络工具包中对该方案进行了部署和测试。该方案在DDoS攻击检测中实现简单、高效,能够准确响应各种DDoS攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信