Abstract
Distributed denial-of-service (DDoS) attacks have emerged as a major threat to the stability of the Internet. By the very nature of the DDoS attacks, pure preventive and pure reactive approaches are not effective to defend against them. We propose a global defense infrastructure to detect-and-respond to the DDoS attacks. This infrastructure consists of a network of distributed local detection systems (LDSes), which detect attacks and respond to them cooperatively. Because of the current Internet topology, this infrastructure can be very effective even if only a small number of major backbone ISPs participate in this infrastructure by installing fully configured LDSes. Moreover, we propose to use traffic volume anomaly for DDoS attack detection. A fully configured LDS monitors the passing traffic for an abnormally high volume of traffic destined to an IP host. A DDoS attack is confirmed if multiple LDSes have detected such anomalies at the same time. Our simulation studies have demonstrated that the proposed detection algorithms are responsive and effective in curbing DDoS attacks.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 10th IEEE International Conference on Networks |
| Subtitle of host publication | Towards Network Superiority, ICON 2002 |
| Pages | 419-427 |
| Number of pages | 9 |
| DOIs | |
| Publication status | Published - 1 Dec 2002 |
| Event | 10th IEEE International Conference on Networks: Towards Network Superiority, ICON 2002 - Singapore, Singapore Duration: 27 Aug 2002 → 30 Aug 2002 |
Conference
| Conference | 10th IEEE International Conference on Networks: Towards Network Superiority, ICON 2002 |
|---|---|
| Country/Territory | Singapore |
| City | Singapore |
| Period | 27/08/02 → 30/08/02 |
ASJC Scopus subject areas
- Computer Networks and Communications
- Software
- Electrical and Electronic Engineering
- Safety, Risk, Reliability and Quality