{"title":"利用路由仲裁器架构抵御多个ISP域的DDoS攻击","authors":"U. Tupakula, V. Varadharajan","doi":"10.1109/ICON.2003.1266233","DOIUrl":null,"url":null,"abstract":"Today Distributed Denial of Service (DDoS) attacks are causing major threat to perform online business over the Internet. Our previous work proposed an automated model with a new packet marking technique and agent design to counteract DDoS within a single ISP domain. Our approach has many features that are required to minimize the DDoS attacks. For example, our model is invoked only during attack times, identifies the approximate source of attack with a single packet even in case of spoofed source address, identifies different attack signatures for different attacking sources, prevents the attack nearest to the attacking source, has very fast response for any changes in attack traffic pattern, is simple in its implementation and can be incrementally deployed. Though the proposed model has several advantages, prevention of the attack is limited to a single ISP domain. In this paper we extend our model to prevent DDoS attacks in multiple ISP domains by retaining all the advantages achieved in our previous work. We also propose a practical implementation of the extended model with a presently working architecture.","PeriodicalId":122389,"journal":{"name":"The 11th IEEE International Conference on Networks, 2003. ICON2003.","volume":"27 9","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Counteracting DDoS attacks in multiple ISP domains using routing arbiter architecture\",\"authors\":\"U. Tupakula, V. Varadharajan\",\"doi\":\"10.1109/ICON.2003.1266233\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Today Distributed Denial of Service (DDoS) attacks are causing major threat to perform online business over the Internet. Our previous work proposed an automated model with a new packet marking technique and agent design to counteract DDoS within a single ISP domain. Our approach has many features that are required to minimize the DDoS attacks. For example, our model is invoked only during attack times, identifies the approximate source of attack with a single packet even in case of spoofed source address, identifies different attack signatures for different attacking sources, prevents the attack nearest to the attacking source, has very fast response for any changes in attack traffic pattern, is simple in its implementation and can be incrementally deployed. Though the proposed model has several advantages, prevention of the attack is limited to a single ISP domain. In this paper we extend our model to prevent DDoS attacks in multiple ISP domains by retaining all the advantages achieved in our previous work. We also propose a practical implementation of the extended model with a presently working architecture.\",\"PeriodicalId\":122389,\"journal\":{\"name\":\"The 11th IEEE International Conference on Networks, 2003. ICON2003.\",\"volume\":\"27 9\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-09-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 11th IEEE International Conference on Networks, 2003. ICON2003.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICON.2003.1266233\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 11th IEEE International Conference on Networks, 2003. ICON2003.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICON.2003.1266233","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Counteracting DDoS attacks in multiple ISP domains using routing arbiter architecture
Today Distributed Denial of Service (DDoS) attacks are causing major threat to perform online business over the Internet. Our previous work proposed an automated model with a new packet marking technique and agent design to counteract DDoS within a single ISP domain. Our approach has many features that are required to minimize the DDoS attacks. For example, our model is invoked only during attack times, identifies the approximate source of attack with a single packet even in case of spoofed source address, identifies different attack signatures for different attacking sources, prevents the attack nearest to the attacking source, has very fast response for any changes in attack traffic pattern, is simple in its implementation and can be incrementally deployed. Though the proposed model has several advantages, prevention of the attack is limited to a single ISP domain. In this paper we extend our model to prevent DDoS attacks in multiple ISP domains by retaining all the advantages achieved in our previous work. We also propose a practical implementation of the extended model with a presently working architecture.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
