Self-similarity in World Wide Web traffic: evidence and possible causes
IEEE/ACM Transactions on Networking (TON)
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
New directions in traffic measurement and accounting
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Survey of network-based defense mechanisms countering the DoS and DDoS problems
ACM Computing Surveys (CSUR)
Hi-index | 0.00 |
We propose a two-stage Distributed Denial of Service (DDoS) defense system, which can protect a given subnet by serving existing flows and new flows with a different priority based on IP history information. Denial of Service (DoS) usually occurs when the resource of a network node or link is limited and the demand of the users for that resource exceeds the capacity. The objective of the proposed defense system is to provide continued service to existing flows even in the presence of DDoS attacks, and we attempt to achieve this goal by discriminating existing flows from new flows. The proposed scheme can protect existing connections effectively with a reduced memory size by reducing the monitored IP address set through sampling in the first stage and using Bloom filters. We evaluate the performance of the proposed scheme through simulation.