The basis of denial of service (DoS)/distributed DoS (DDoS) attacks lies in overwhelming a victim's computer resources by flooding them with enormous traffic. This is done by compromising multiple systems, which then send a high volume of traffic. The traffic is often crafted so that it consumes finite resources at abnormal rates, at either the victim or the network level. In addition, spoofing of source addresses makes it difficult to combat such attacks. This paper adopts a twofold collaborative mechanism, wherein the intermediate routers mark packets and the victim uses these markings to detect and filter the flooding attacks. The markings are used to distinguish legitimate network traffic from attack traffic, enabling the routers near the victim to filter the attack packets. The marked packets also help to trace spoofed traffic back to its true origin, so that it can be dropped at the source rather than being allowed to traverse the network. To further aid in the detection of spoofed traffic, the Time to Live (TTL) field in the IP header is used. The mappings between the IP addresses and the markings, along with the TTLs, are used to find the spurious traffic. We provide numerical and simulated experimental results to show the effectiveness of the proposed system in distinguishing legitimate traffic from spoofed traffic. We also give a statistical report showing the performance of our system.
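The victim-side check described in the abstract can be sketched as follows. This is an added illustration, not the paper's algorithm or code. It assumes the marking is an opaque integer read from the packet, that hop count is inferred from TTL using common initial TTL values, and that one hop of route drift is tolerated; all class and function names and sample packets are constructed for this example.

```python
from dataclasses import dataclass

# Common OS initial TTL values (assumption used to infer hop count).
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def hop_count(observed_ttl: int) -> int:
    """Hops travelled = smallest common initial TTL >= observed TTL, minus observed."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError("TTL must fit in one byte")
    initial = next(t for t in COMMON_INITIAL_TTLS if observed_ttl <= t)
    return initial - observed_ttl

@dataclass(frozen=True)
class Packet:
    src: str      # claimed source IP address
    marking: int  # router marking carried in the packet (opaque here)
    ttl: int      # TTL as seen at the victim

class MarkingTtlFilter:
    """Maps source IP -> (marking, hop count) learned from known-good traffic."""
    def __init__(self, hop_tolerance: int = 1):
        self.table = {}
        self.hop_tolerance = hop_tolerance  # assumed slack for route changes

    def learn(self, pkt: Packet) -> None:
        self.table[pkt.src] = (pkt.marking, hop_count(pkt.ttl))

    def classify(self, pkt: Packet) -> str:
        entry = self.table.get(pkt.src)
        if entry is None:
            return "unknown"          # no mapping yet; policy decides
        marking, hops = entry
        if pkt.marking != marking:
            return "spoofed"          # arrived via a different marked path
        if abs(hop_count(pkt.ttl) - hops) > self.hop_tolerance:
            return "spoofed"          # path length inconsistent with mapping
        return "legitimate"

def demo():
    """Run the filter over constructed sample packets."""
    f = MarkingTtlFilter()
    f.learn(Packet("192.0.2.10", 0x1A2B, 52))      # baseline: 12 hops
    samples = [
        Packet("192.0.2.10", 0x1A2B, 51),          # same path, 13 hops
        Packet("192.0.2.10", 0x77F0, 52),          # wrong marking
        Packet("192.0.2.10", 0x1A2B, 118),         # right marking, 10 hops
        Packet("198.51.100.7", 0x0042, 60),        # source never seen
    ]
    return [f.classify(p) for p in samples]

if __name__ == "__main__":
    print(demo())
```

The "unknown" result is kept distinct from "spoofed" because a source with no learned mapping gives the filter nothing to compare against.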