Engineering of a global defense infrastructure for DDoS attacks

K. K.K. Wan, Kow Chuen Chang

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

29 Citations (Scopus)


Distributed denial-of-service (DDoS) attacks have emerged as a major threat to the stability of the Internet. By the very nature of the DDoS attacks, pure preventive and pure reactive approaches are not effective to defend against them. We propose a global defense infrastructure to detect-and-respond to the DDoS attacks. This infrastructure consists of a network of distributed local detection systems (LDSes), which detect attacks and respond to them cooperatively. Because of the current Internet topology, this infrastructure can be very effective even if only a small number of major backbone ISPs participate in this infrastructure by installing fully configured LDSes. Moreover, we propose to use traffic volume anomaly for DDoS attack detection. A fully configured LDS monitors the passing traffic for an abnormally high volume of traffic destined to an IP host. A DDoS attack is confirmed if multiple LDSes have detected such anomalies at the same time. Our simulation studies have demonstrated that the proposed detection algorithms are responsive and effective in curbing DDoS attacks.
Original languageEnglish
Title of host publicationProceedings - 10th IEEE International Conference on Networks
Subtitle of host publicationTowards Network Superiority, ICON 2002
Number of pages9
Publication statusPublished - 1 Dec 2002
Event10th IEEE International Conference on Networks: Towards Network Superiority, ICON 2002 - Singapore, Singapore
Duration: 27 Aug 200230 Aug 2002


Conference10th IEEE International Conference on Networks: Towards Network Superiority, ICON 2002

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Electrical and Electronic Engineering
  • Safety, Risk, Reliability and Quality


Dive into the research topics of 'Engineering of a global defense infrastructure for DDoS attacks'. Together they form a unique fingerprint.

Cite this