Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
MAFIC: Adaptive Packet Dropping for Cutting Malicious Flows to Push Back DDoS Attacks
ICDCSW '05 Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05) - Volume 02
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
Distributed Denial of Service (DDoS) attacks are one of the most damaging threats against Internet based applications. Many of the DDoS defense mechanisms may unintentionally deny a certain portion of legitimate user accesses by mistaking them as attackers or may simply not block enough traffic to adequately protect the victim. Other better performing systems have not yet to reach adoption because of designs that require a substantial investment into the Internet infrastructure before offering much effectiveness. This paper proposes Heimdall, a novel traffic verification based framework to protect legitimate traffic from bilateral damages. Based on a proof-of-work technique and application of distributed hash ID, aside from protecting established connections, our system can validate new initial request for communication and open valid channels between users and the protected server. Through intensive simulation experiments on the ns-2 network simulator, we verified that Heimdall scheme can effectively protect legitimate communications and filter out malicious flows with very high accuracy.