A network mitigation system against distributed denial of service: a linux-based prototype

Authors:
Lei Qi;Marjan Zandi;Miguel Vargas Martin
Affiliations:
University of Ontario Institute of Technology, Oshawa, Ontario, Canada;University of Ontario Institute of Technology, Oshawa, Ontario, Canada;University of Ontario Institute of Technology, Oshawa, Ontario, Canada
Venue:
IMSA'07 IASTED European Conference on Proceedings of the IASTED European Conference: internet and multimedia systems and applications
Year:
2007

Citing 17
Cited 0

Analysis and simulation of a fair queueing algorithm

SIGCOMM '89 Symposium proceedings on Communications architectures & protocols
Random early detection gateways for congestion avoidance

IEEE/ACM Transactions on Networking (TON)
Dynamics of random early detection

SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Summary cache: a scalable wide-area web cache sharing protocol

IEEE/ACM Transactions on Networking (TON)
Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites

Proceedings of the 11th international conference on World Wide Web
Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
Comparative Analysis of the Hardware Implementations of Hash Functions SHA-1 and SHA-512

ISC '02 Proceedings of the 5th International Conference on Information Security
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Longest prefix matching using bloom filters

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Using Dynamic Buffer Limiting to Protect against Belligerent Flows in High-Speed Networks

ICNP '01 Proceedings of the Ninth International Conference on Network Protocols
Space-code bloom filter for efficient traffic flow measurement

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Duplicate detection in click streams

WWW '05 Proceedings of the 14th international conference on World Wide Web
A monitoring system for detecting repeated packets with applications to computer worms

International Journal of Information Security
Software performance of universal hash functions

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Transport-aware IP routers: a built-in protection mechanism to counter DDoS attacks

IEEE Transactions on Parallel and Distributed Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed denial of service (DDoS) is a serious threat to service availability that poses important concerns. Web-based organizations are under a great pressure to prevent, detect, react, and mitigate DDoS attacks which can lead to severe outages. The main contribution of this paper is a DDoS mitigation system based on Bloom filters, which has been prototyped in a Linux system and tested in our local laboratory. Our experiments show that our system is capable of attenuating the effects of a typical DDoS attack and is able to mitigate a large number of disrupting traffic.