One of the major threats to cyber security is the Distributed Denial-of-Service (DDoS) attack. In this paper, we focus on three kinds of sophisticated DDoS attacks that seriously cripple current DDoS defense systems and have not yet been solved. In Fast Adaptive Attacks (FAAs), attackers adaptively generate attack traffic based on feedback from the victim on the timescale of a Round Trip Time (RTT). Almost none of the proposed rule-based filtering schemes can effectively defend against FAAs, since they need a relatively long time (compared to the RTT) to update their filtering rules. In Adaptive Attacks with statistical filtering rules Scanning (AAS), attackers circumvent the defense system by discovering its statistical filtering rules and then generating flooding traffic that mimics nominal traffic. In Low-Rate TCP Attacks (LRAs), attackers send periodic attack pulses to overflow a router's buffer and force legitimate TCP flows to a low throughput while staying under the radar with a very low average rate. In this paper, we propose a Leaky-Bucket (LB) based, highly robust DDoS defense system called RateGuard. It can react to FAAs and LRAs by rate-limiting excessive traffic in real time according to the victim's nominal traffic profile. Moreover, because an LB is associated with each joint attribute value, the huge space of possible joint attribute values makes it almost impossible for attackers to scan the victim's nominal traffic profile, which makes the system highly robust against AAS and other sophisticated attacks.
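
The following sketch illustrates the idea of one leaky bucket per joint attribute value, with drain rate and depth taken from a nominal profile. It is an added example, not RateGuard's code or algorithm. The attribute tuple (`proto`, `dport`, `size_bin`), the profile values, the default bucket and the traffic are constructed assumptions, chosen so that a pulsed flow with the same average rate as a steady flow is clipped while the steady flow passes untouched.

```python
from dataclasses import dataclass

UNIT = 1000  # one packet = 1000 level units, so integer-millisecond math is exact

@dataclass
class LeakyBucket:
    rate_pps: int      # drain rate, taken from the nominal profile
    depth_pkts: int    # burst tolerance in packets
    level: int = 0
    last_ms: int = 0

    def offer(self, now_ms: int) -> bool:
        """Drain for the elapsed time, then admit the packet only if it fits."""
        # rate_pps packets/s equals rate_pps level units per millisecond.
        self.level = max(0, self.level - (now_ms - self.last_ms) * self.rate_pps)
        self.last_ms = now_ms
        if self.level + UNIT > self.depth_pkts * UNIT:
            return False               # bucket would overflow: drop
        self.level += UNIT
        return True

class JointAttributeLimiter:
    """One bucket per joint attribute value (the attribute choice is an assumption)."""
    def __init__(self, profile, default=(1, 2)):
        # profile maps a joint value to (rate_pps, depth_pkts); values that are
        # not in the nominal profile fall back to a tight default bucket.
        self.profile, self.default, self.buckets = profile, default, {}

    def admit(self, pkt: dict, now_ms: int) -> bool:
        key = (pkt["proto"], pkt["dport"], pkt["size_bin"])
        if key not in self.buckets:
            rate, depth = self.profile.get(key, self.default)
            self.buckets[key] = LeakyBucket(rate, depth, last_ms=now_ms)
        return self.buckets[key].offer(now_ms)

def run_demo():
    # Constructed profile and traffic: both flows offer 50 pkt/s on average for 10 s.
    profile = {("tcp", 443, "large"): (100, 10), ("udp", 53, "small"): (100, 10)}
    steady = [(t, {"proto": "tcp", "dport": 443, "size_bin": "large"})
              for t in range(0, 10_000, 20)]                 # 1 packet every 20 ms
    pulsed = [(s + i, {"proto": "udp", "dport": 53, "size_bin": "small"})
              for s in range(0, 10_000, 1000) for i in range(50)]  # 50 pkts in 50 ms
    limiter = JointAttributeLimiter(profile)
    admitted = {"tcp": 0, "udp": 0}
    for now_ms, pkt in sorted(steady + pulsed, key=lambda e: e[0]):
        admitted[pkt["proto"]] += limiter.admit(pkt, now_ms)
    return len(steady), admitted["tcp"], len(pulsed), admitted["udp"]

if __name__ == "__main__":
    print(run_demo())
```

Both flows stay below the profiled 100 pkt/s on average, but only the pulsed one exceeds the bucket depth, so the drops come from burst shape rather than average rate.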