PPF model with CTNT to defend web server from DDoS attack

Authors:
Jungtaek Seo;Cheolho Lee;Jungtae Kim;Taeshik Shon;Jongsub Moon
Affiliations:
National Security Research Institute, Daejeon, Republic of Korea;National Security Research Institute, Daejeon, Republic of Korea;Graduate School of Information and Communication, Ajou University, Republic of Korea;CIST, KOREA University, Seoul, Republic of Korea;CIST, KOREA University, Seoul, Republic of Korea
Venue:
EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Year:
2005

Citing 5
Cited 0

Random early detection gateways for congestion avoidance

IEEE/ACM Transactions on Networking (TON)
An introduction to Kolmogorov complexity and its applications (2nd ed.)

An introduction to Kolmogorov complexity and its applications (2nd ed.)
Protecting web servers from distributed denial of service attacks

Proceedings of the 10th international conference on World Wide Web
Denial-of-Service Attacks Rip the Internet

Computer
MULTOPS: a data-structure for bandwidth attack detection

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a probabilistic packet filtering (PPF) model to defend the Web server against Distributed Denial-of-Service (DDoS) attacks. To distinguish abnormal traffics from normal ones, we used Concentration Tendency of Network Traffic (CTNT). The CTNT mechanism computes the ratio of a specific type of packets among the total amount of network packet, and detects abnormal traffic if and only if the computed ratio exceeds the ratio in normal situation. If the CTNT mechanism detects DDoS attacks, the proposed model probabilistically filters the packets related to these. The simulation results demonstrate it is useful to early detect DDoS attacks. Furthermore, it is effective to protect the Web servers from DDoS attacks.