
Towards defeating network denial-of-service attacks

Posted on: 2005-01-14
Degree: Ph.D
Type: Dissertation
University: Case Western Reserve University
Candidate: Kim, Yoohwan
Full Text: PDF
GTID: 1458390008479512
Subject: Computer Science
Abstract/Summary:
Distributed Denial of Service (DDoS) attacks are a critical threat to the Internet. This dissertation proposes three methods for blocking DDoS attacks that can be used independently or in combination.

The first method, PacketScore, is based on the premise that some traffic characteristics of a target network are inherently stable during normal operation, in the absence of DDoS attacks. During an attack there is a noticeable change in these characteristics, and PacketScore assigns each incoming packet a score indicating how likely it is to be legitimate, based on how closely it follows the normal traffic characteristics. A threshold score is determined dynamically from the victim link load, and packets scoring below the threshold are dropped. Simulation results show that in most attack cases more than 95% of the attack packets are dropped while more than 95% of the legitimate packets pass.

The second method, Deterministic Bit Marking (DBM), achieves both packet dropping and source traceback. Bit marking is a variation of the packet marking technique in which each router modifies the packet header. By altering the marking bits, a Path Signature (PS) is generated. Path Signatures are largely unique in the current Internet topology and can therefore be used as a semi-source address. Traffic rate can be controlled on a per-PS basis, and reverse marking allows the origin of a packet to be traced back.

The third method, the TCP packet filter, is a short-term, hardware-based solution. It is based on the observation that most web sites use only TCP, so protecting TCP traffic is sufficient for many users. Since TCP follows specific connection rules and every TCP packet must belong to a flow, rogue TCP packets that do not follow the rules can be detected. We propose an architecture for such a device and present its operating algorithms.

Since each of the above methods is powerful enough to block more than 95% of the DDoS attack traffic, DDoS attacks become ineffective against the victim and attackers should be greatly discouraged.
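A simplified, constructed illustration of the PacketScore idea described above (added here; it is not the dissertation's own algorithm, code or data): build a nominal profile from normal traffic, score each packet arriving during an attack by how far its header values deviate from that profile relative to the current mix, and admit only as many of the top-scoring packets as the victim link can carry. The attribute names, the log-ratio scoring formula and the sample packets are all assumptions made for this example.

```python
import math
from collections import Counter

# Constructed sample traffic (not data from the dissertation). Each packet is a
# dict of header attributes that a PacketScore-style profile would look at.
NORMAL = [{"proto": "tcp", "dport": 80, "size": s, "ttl": t}
          for s in (60, 576, 1500) for t in (52, 58, 64, 118)]  # 12 baseline packets
LEGIT_NOW = NORMAL[::2]                                         # 6 legitimate packets during the attack
ATTACK = [{"proto": "udp", "dport": 53, "size": 40, "ttl": 64} for _ in range(30)]
WINDOW = LEGIT_NOW + ATTACK                                     # 36 packets reaching the victim link

def build_profile(packets):
    """Per-attribute value histograms: attr -> Counter(value -> count)."""
    profile = {}
    for pkt in packets:
        for attr, val in pkt.items():
            profile.setdefault(attr, Counter())[val] += 1
    return profile

def packet_score(pkt, nominal, current):
    """Sum over attributes of log(P_nominal(value) / P_current(value)).
    Higher means 'looks like normal traffic'; values the attack inflates in the
    current window score low. Laplace smoothing avoids log(0) for unseen values."""
    score = 0.0
    for attr, val in pkt.items():
        n, c = nominal[attr], current[attr]
        p_nominal = (n[val] + 1) / (sum(n.values()) + len(n) + 1)
        p_current = (c[val] + 1) / (sum(c.values()) + len(c) + 1)
        score += math.log(p_nominal / p_current)
    return score

def score_window(window, nominal):
    """Score every packet of the window against the nominal profile."""
    current = build_profile(window)
    return [packet_score(p, nominal, current) for p in window]

def filter_window(window, nominal, link_capacity):
    """Admit the link_capacity highest-scoring packets (so the effective
    threshold follows load) and drop the rest, preserving arrival order."""
    scores = score_window(window, nominal)
    ranked = sorted(range(len(window)), key=lambda i: scores[i], reverse=True)
    return [window[i] for i in sorted(ranked[:link_capacity])]

if __name__ == "__main__":
    nominal = build_profile(NORMAL)
    kept = filter_window(WINDOW, nominal, link_capacity=6)
    print(f"admitted {len(kept)} of {len(WINDOW)}; "
          f"udp admitted: {sum(p['proto'] == 'udp' for p in kept)}")
```

With a link capacity of 6 the six legitimate packets are the only ones admitted; raising the capacity admits more, which is how the threshold adapts to load rather than to a fixed score.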
Keywords/Search Tags: Attack, DDoS, TCP, Traffic, Network