Defending against flooding-based distributed denial-of-service attacks: A tutorial

Kow Chuen Chang

Research output: Journal article publication; Journal article; Academic research; peer-review

356 Citations (Scopus)

Abstract

Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, or its Internet connection, or both. In the last two years, it is discovered that DDoS attack methods and tools are becoming more sophisticated, effective, and also more difficult to trace to the real attackers. On the defense side, current technologies are still unable to withstand large-scale attacks. The main purpose of this article is therefore twofold. The first one is to describe various DDoS attack methods, and to present a systematic review and evaluation of the existing defense mechanisms. The second is to discuss a longer-term solution, dubbed the Internet-firewall approach, that attempts to intercept attack packets in the Internet core, well before reaching the victim.
Original language: English
Pages (from-to): 42-51
Number of pages: 10
Journal: IEEE Communications Magazine
Volume: 40
Issue number: 10
Publication status: Published - 1 Oct 2002

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications
  • Electrical and Electronic Engineering
