Abstract

Distributed Denial-of-Service (DDoS) attacks against public web servers are increasingly common. Countering them is becoming ever more challenging given the vast resources and techniques available to attackers. It is impossible for the victim servers to act on each ongoing traffic flow individually. In this paper, we establish the IP flow as the unit from which proper features for DDoS detection are selected. IP flow statistics are used to allocate the weights that routers apply when routing traffic. Our system protects servers from DDoS attacks without requiring strong client authentication and without allowing an attacker with partial connectivity information to repeatedly disrupt communications. A new algorithm is proposed to obtain maximum throughput efficiently through traffic filtering, and its feasibility and validity have been verified in a real network environment. The experiment shows a high average detection rate with low false-alarm and miss-alarm rates. Moreover, the approach can optimize network traffic while defending against DDoS attacks, thus efficiently eliminating global traffic bursts arising from normal traffic.

Highlights

  • Denial-of-Service (DoS [1]) attacks use legitimate requests to overload the server, causing it to hang, crash, reboot, or do useless work

  • There are three main defense approaches: traceback [4], which is rapidly invalidated as the number of zombies grows; filtering [5], which requires the participation of the communication provider and many routers, with the filter kept open at all times, and is therefore too costly; and throttling [6], which limits legitimate data streams because too many streams converge at a central point

  • This paper discusses a low-cost, high-performance and easy-to-deploy approach [7] that selects five statistical features from IP flows to filter Distributed Denial-of-Service (DDoS) attacks on routers
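To make the IP-flow approach described in the abstract and highlights concrete, here is an added example (not the paper's code, and not its five features): packets observed at a router are aggregated into micro-flows, each destination's micro-flows form a macro-flow, and a few assumed flow statistics (micro-flow count, packets per micro-flow, mean packet size, source-address entropy) are used to flag a destination whose traffic profile looks like a flood. The packet records and thresholds are constructed for illustration.

```python
from collections import defaultdict
from math import log2

# Constructed packet records (src_ip, dst_ip, dst_port, proto, bytes): two clients
# exchange normal-sized packets with 10.0.0.1; six sources each send one tiny packet to 10.0.0.2.
PACKETS = (
    [("192.0.2.10", "10.0.0.1", 443, "tcp", 500)] * 4
    + [("192.0.2.11", "10.0.0.1", 443, "tcp", 500)] * 4
    + [(f"198.51.100.{i}", "10.0.0.2", 80, "tcp", 60) for i in range(1, 7)]
)

def micro_flows(packets):
    """Aggregate packets into micro-flows keyed by (src, dst, dport, proto)."""
    flows = defaultdict(lambda: {"pkts": 0, "bytes": 0})
    for src, dst, dport, proto, size in packets:
        f = flows[(src, dst, dport, proto)]
        f["pkts"] += 1
        f["bytes"] += size
    return dict(flows)

def macro_flow_features(flows):
    """Per destination (the macro-flow) compute assumed illustrative statistics:
    micro-flow count, packets per micro-flow, mean packet size, source-address entropy (bits)."""
    per_dst = defaultdict(list)
    for (src, dst, _dport, _proto), stats in flows.items():
        per_dst[dst].append((src, stats))
    features = {}
    for dst, entries in per_dst.items():
        total_pkts = sum(s["pkts"] for _, s in entries)
        total_bytes = sum(s["bytes"] for _, s in entries)
        by_src = defaultdict(int)
        for src, s in entries:
            by_src[src] += s["pkts"]
        probs = [n / total_pkts for n in by_src.values()]
        features[dst] = {
            "flows": len(entries),
            "pkts_per_flow": total_pkts / len(entries),
            "mean_pkt_bytes": total_bytes / total_pkts,
            "src_entropy": -sum(p * log2(p) for p in probs),
        }
    return features

def flag_flooded(features, max_pkts_per_flow=1.5, max_mean_bytes=100, min_entropy=2.0):
    """Destinations whose macro-flow looks like a flood: many single-packet micro-flows
    of small packets from a wide spread of sources. Thresholds are assumed, not the paper's."""
    return sorted(dst for dst, f in features.items()
                  if f["pkts_per_flow"] <= max_pkts_per_flow
                  and f["mean_pkt_bytes"] < max_mean_bytes
                  and f["src_entropy"] >= min_entropy)
```

Running `flag_flooded(macro_flow_features(micro_flows(PACKETS)))` returns only the flooded destination; in a real deployment the per-destination statistics, not fixed thresholds, would feed the routers' traffic weights.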


Summary

Introduction

Denial-of-Service (DoS [1]) attacks use legitimate requests to overload the server, causing it to hang, crash, reboot, or do useless work. The target application, machine, or network spends all of its critical resources on handling the attack traffic and cannot attend to its legitimate clients. There are three main defense approaches: traceback [4], which is rapidly invalidated as the number of zombies grows; filtering [5], which requires the participation of the communication provider and many routers, with the filter kept open at all times, and is therefore too costly; and throttling [6], which limits legitimate data streams because too many streams converge at a central point.

IP Flow Filtering Overview
The Micro-Flow and Macro Flow
IP Flow Based Features
The Design of Statistical Analysis Filtering
Combinatorial Optimization of Filtering Problem
Genetic Algorithms for Filtering Bad Traffic
Fitness Function
Performance Evaluation and Comparison
Findings
Conclusions

