A detection and filter system for use against large-scale DDoS attacks in the internet backbone

Authors:
Lukas Ruf;Arno Wagner;Károly Farkas;Bernhard Plattner
Affiliations:
Computer Engineering and Networks Laboratory, Swiss Federal Institute of Technology Zurich, Zurich, Switzerland;Computer Engineering and Networks Laboratory, Swiss Federal Institute of Technology Zurich, Zurich, Switzerland;Computer Engineering and Networks Laboratory, Swiss Federal Institute of Technology Zurich, Zurich, Switzerland;Computer Engineering and Networks Laboratory, Swiss Federal Institute of Technology Zurich, Zurich, Switzerland
Venue:
IWAN'04 Proceedings of the 6th IFIP TC6 international working conference on Active networks
Year:
2004

Citing 11
Cited 1

Router plugins: a software architecture for next-generation routers

IEEE/ACM Transactions on Networking (TON)
The click modular router

ACM Transactions on Computer Systems (TOCS)
PromethOS: A Dynamically Extensible Router Architecture Supporting Explicit Routing

IWAN '02 Proceedings of the IFIP-TC6 4th International Working Conference on Active Networks
How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
FIDRAN: A Flexible Intrusion Detection and Response Framework for Active Networks

ISCC '03 Proceedings of the Eighth IEEE International Symposium on Computers and Communications
Access for sale: a new class of worm

Proceedings of the 2003 ACM workshop on Rapid malcode
Experiences with worm propagation simulations

Proceedings of the 2003 ACM workshop on Rapid malcode
A Scalable High-performance Router Platform Supporting Dynamic Service Extensibility On Network and Host Processors

ICPS '04 Proceedings of the The IEEE/ACS International Conference on Pervasive Services
An Economic Damage Model for Large-Scale Internet Attacks

WETICE '04 Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Splits stream handlers: deploying application-level services to attached network processors

Splits stream handlers: deploying application-level services to attached network processors
The SwitchWare active network architecture

IEEE Network: The Magazine of Global Internetworking

An extensible and flexible system for network anomaly detection

AN'06 Proceedings of the First IFIP TC6 international conference on Autonomic Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed denial of service (DDoS) attacks in the Internet pose huge problems on nowadays communication infrastructure. Attacks either destroy information or impede access to a service. Since the significance of the Internet to business and economy is growing rapidly, efficient protection mechanisms are urgently required to protect hosts from being infected and, more important, sites from being attacked. Detection of DDoS attacks requires deep packet inspection at link speed, and context-dependent packet handling for countermeasures. This functionality is not achievable with nowadays commercial high-performance routers. In this paper, we therefore present our problem space exploration of DDoS attacks and propose a flexible service architecture for detection and filter mechanisms to counteract DDoS attacks. To achieve the performance required for backbone routers together with the flexibility needed for services counteracting DDoS attacks, we base the proposal on our PromethOS NP router platform that manages and controls hierarchical network nodes built of network and host processors.