Distributed Denial of Service (DDoS) is one of the most difficult security problems to address. While many existing techniques (e.g., IP traceback) focus on tracking the location of the attackers after the fact, little is done to mitigate the effect of an attack while it is under way. We present a novel technique that can effectively filter out the majority of DDoS traffic, thus improving the overall throughput of legitimate traffic. The proposed scheme leverages and generalizes IP traceback schemes to determine whether a network edge is on the attacking path of an attacker ("infected") or not ("clean"). We observe that, while an attacker will have all the edges on its path marked as "infected," edges on the path of a legitimate client will mostly be "clean." By preferentially filtering out packets that are inscribed with the marks of "infected" edges, the proposed scheme removes most of the DDoS traffic while affecting legitimate traffic only slightly. Simulation results based on real-world network topologies all demonstrate that the proposed technique can improve the throughput of legitimate traffic by three to seven times during DDoS attacks.
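
The filtering idea above as an added sketch, not code from the paper: it computes expected legitimate goodput at a bottleneck with and without mark-based filtering. Assumptions: the topology, rates and capacity are constructed; each packet carries one edge mark drawn uniformly from its path; the infected-edge set comes from a completed traceback phase; and the filter sits ahead of the bottleneck and drops every infected-marked packet, the strictest form of preferential filtering.

```python
from fractions import Fraction

# Constructed topology: path from each source to victim V, as directed edges.
PATHS = {
    "atk1": [("A1", "R1"), ("R1", "R3"), ("R3", "R0"), ("R0", "V")],
    "atk2": [("A2", "R1"), ("R1", "R3"), ("R3", "R0"), ("R0", "V")],
    "leg1": [("L1", "R2"), ("R2", "R4"), ("R4", "R0"), ("R0", "V")],
    "leg2": [("L2", "R5"), ("R5", "R3"), ("R3", "R0"), ("R0", "V")],
}
RATE = {"atk1": 400, "atk2": 400, "leg1": 50, "leg2": 50}  # packets/s, constructed
ATTACKERS = {"atk1", "atk2"}
CAPACITY = 100  # packets/s the victim's link can carry (assumption)


def infected_edges(paths, attackers):
    """Edges on any attack path; assumed to be the output of the traceback phase."""
    return {e for s in attackers for e in paths[s]}


def pass_fraction(path, infected):
    """Share of a source's packets whose single edge mark is clean.

    Assumption: each packet carries one mark, drawn uniformly from its path.
    """
    clean = sum(1 for e in path if e not in infected)
    return Fraction(clean, len(path))


def legit_goodput(paths, rate, attackers, capacity, filtering):
    """Legitimate packets/s delivered when the bottleneck drops excess uniformly."""
    infected = infected_edges(paths, attackers) if filtering else set()
    offered = {s: rate[s] * pass_fraction(p, infected) for s, p in paths.items()}
    total = sum(offered.values())
    legit = sum(v for s, v in offered.items() if s not in attackers)
    scale = min(Fraction(1), Fraction(capacity) / total) if total else Fraction(1)
    return legit * scale


if __name__ == "__main__":
    before = legit_goodput(PATHS, RATE, ATTACKERS, CAPACITY, filtering=False)
    after = legit_goodput(PATHS, RATE, ATTACKERS, CAPACITY, filtering=True)
    print(f"legit goodput: {float(before):.1f} -> {float(after):.1f} pkt/s")
```

In this model the cost to legitimate clients is visible per source: `leg2` shares two edges with the attack paths and loses half its packets to the filter, while `leg1` shares only the last hop and loses a quarter.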