D-ward: source-end defense against distributed denial-of-service attacks

  • Authors: Jelena Mirkovic; Mario Gerla; Peter Reiher

  • Venue: D-ward: source-end defense against distributed denial-of-service attacks
  • Year: 2003

Abstract

Distributed denial-of-service (DDoS) attacks are a grave and challenging problem. Perpetration requires little effort on the attacker's side, since a vast number of insecure machines provides fertile ground for attack zombies, and automated scripts for exploit and attack can easily be downloaded and deployed. On the other hand, prevention of the attack, or the response and traceback of perpetrators, is extremely difficult due to the large number of attacking machines, the use of source-address spoofing and the similarity between legitimate and attack traffic. Many defense systems have been designed in the research and commercial communities to counter DDoS attacks, yet the problem remains largely unsolved.

This thesis explores the problem of DDoS defense from two directions: (1) it strives to understand the origin of the problem and all its variations, and provides a survey of existing solutions, and (2) it presents the design (and implementation) of a source-end DDoS defense system called D-WARD that prevents outgoing attacks from the networks that deploy it. Source-end defense is not the complete solution to DDoS attacks, since networks that do not deploy the proposed defense can still perform successful attacks. However, this thesis shows that a source-end defense (implemented in the D-WARD system) can detect and prevent a significant number of DDoS attacks, does not incur significant cost for its operation, and offers good service to legitimate traffic during the attack. By performing successful differentiation between legitimate and attack traffic close to the source, source-end defense is one of the crucial building blocks of the complete DDoS solution and essential for promoting Internet security.

The thesis also includes a description of two joint projects where D-WARD has been integrated into a distributed defense system and extensively tested. In all of the experiments, the operation of the system significantly improved with the addition of D-WARD.