A. Papalambrou, K. Stefanidis, J. Gialelis, D. Serpanos
{"title":"网络嵌入式系统中拒绝服务攻击的检测、回溯与过滤","authors":"A. Papalambrou, K. Stefanidis, J. Gialelis, D. Serpanos","doi":"10.1145/2668322.2668327","DOIUrl":null,"url":null,"abstract":"This work presents a composite scheme for detection, traceback and filtering of distributed denial of service (DDoS) attacks in networked embedded systems. A method based on algorithmic analysis of various node and network parameters is used to detect attacks while a packet marking method is used to mitigate the effects of the attack by filtering the incoming traffic that is part of this attack and trace back to the origin of the attack. The combination of the detection and mitigation methods provide an increased level of security in comparison to approaches based on a single method. Furthermore, the scheme is developed in a way to comply with the novel SHIELD secure architecture being developed, which aims at providing interoperability with other secure components as well as metrics to quantify their security properties.","PeriodicalId":434126,"journal":{"name":"WESS '14","volume":"262 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Detection, traceback and filtering of denial of service attacks in networked embedded systems\",\"authors\":\"A. Papalambrou, K. Stefanidis, J. Gialelis, D. Serpanos\",\"doi\":\"10.1145/2668322.2668327\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This work presents a composite scheme for detection, traceback and filtering of distributed denial of service (DDoS) attacks in networked embedded systems. A method based on algorithmic analysis of various node and network parameters is used to detect attacks while a packet marking method is used to mitigate the effects of the attack by filtering the incoming traffic that is part of this attack and trace back to the origin of the attack. The combination of the detection and mitigation methods provide an increased level of security in comparison to approaches based on a single method. Furthermore, the scheme is developed in a way to comply with the novel SHIELD secure architecture being developed, which aims at providing interoperability with other secure components as well as metrics to quantify their security properties.\",\"PeriodicalId\":434126,\"journal\":{\"name\":\"WESS '14\",\"volume\":\"262 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"WESS '14\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2668322.2668327\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"WESS '14","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2668322.2668327","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detection, traceback and filtering of denial of service attacks in networked embedded systems
This work presents a composite scheme for detection, traceback and filtering of distributed denial of service (DDoS) attacks in networked embedded systems. A method based on algorithmic analysis of various node and network parameters is used to detect attacks while a packet marking method is used to mitigate the effects of the attack by filtering the incoming traffic that is part of this attack and trace back to the origin of the attack. The combination of the detection and mitigation methods provide an increased level of security in comparison to approaches based on a single method. Furthermore, the scheme is developed in a way to comply with the novel SHIELD secure architecture being developed, which aims at providing interoperability with other secure components as well as metrics to quantify their security properties.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
