Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Security problems in the TCP/IP protocol suite
ACM SIGCOMM Computer Communication Review
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Tracing DDoS Floods: An Automated Approach
Journal of Network and Systems Management
DDoS attacks and defense mechanisms: classification and state-of-the-art
Computer Networks: The International Journal of Computer and Telecommunications Networking
Provider-Based Deterministic Packet Marking against Distributed DoS Attacks
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Tracers placement for IP traceback against DDoS attacks
Proceedings of the 2006 international conference on Wireless communications and mobile computing
Survey of network-based defense mechanisms countering the DoS and DDoS problems
ACM Computing Surveys (CSUR)
Provider-based deterministic packet marking against distributed DoS attacks
Journal of Network and Computer Applications
DDoS: design, implementation and analysis of automated model
International Journal of Wireless and Mobile Computing
DoSTRACK: a system for defending against DoS attacks
Proceedings of the 2009 ACM symposium on Applied Computing
Counteracting DDoS attacks in WLAN
Proceedings of the 4th international conference on Security of information and networks
Detection of unknown dos attacks by kolmogorov-complexity fluctuation
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
A distributed network architecture for robust internet voting systems
EGOV'05 Proceedings of the 4th international conference on Electronic Government
| Hi-index | 0.00 |
Today distributed denial of service (DDoS) attacks are causing major problems to conduct online business over the Internet. Recently several schemes have been proposed on how to prevent some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. In this paper, we propose a Controller-Agent model that would greatly minimize DDoS attacks on Internet. With a new packet marking technique and agent design our scheme is able to identify the approximate source of attack (nearest router) with a single packet even in case of attack with spoofed source addresses. Our scheme is invoked only during attack times, is able to process the victims traffic separately without disturbing other traffic, is able to establish different attack signatures for different attacking sources, can prevent the attack traffic at the nearest router to the attacking system, has fast response time, is simple in its implementation and can be incrementally deployed. Hence we believe that the scheme proposed in this paper seems to be a promising approach to prevent distributed denial of service attacks