Recently, the key to network security has been shifting from passive detection to active defense. However, most work has focused on how fast a DDoS attack can be detected and a defense started, and existing methods for differentiating DDoS attack packets, especially those of SYN flooding attacks, are too time-expensive. When SYN flooding starts, victim servers have to allocate a lot of memory, usually more than 500MB, to store the attack packets. To make the differentiating scheme more robust, we record the TCP session statistics (IP-TTL) of SYN packets in a Traceback-based Bloom Filter (TBF), and when attacks start, we match the SYN packets against the IP-TTL statistics to differentiate the attack packets. In addition, we introduce a trace-back strategy to filter the frequently attacked TBF's IP. In comparison with current methods, the proposed approach can both hold back large-scale fake IPs and defend against IP spoofing. Experiments verify that once the proposed method is applied in Snort_inline, the hold-back precision is 98.65% and the semi-join queue is almost empty; otherwise, the precision is near zero and the semi-join queue is full.