An Effective DDoS Attack Detection and Packet-Filtering Scheme
Seokbong JEONG Hyunwoo KIM Sehun KIM
IEICE TRANSACTIONS on Communications
Publication Date: 2006/07/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Network Management/Operation
Keywords: DDoS attack, network security, queuing model, packet-filtering
A distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim or its Internet connection, or both. Defense against DDoS attacks as well as identification of their sources comprise demanding challenges in the realm of Internet security studies. In this paper, effective measures are proposed for detecting attacks in routers through the use of queuing models, which help detect attacks closer to the attack sources. Utilizing these measures, an effective DDoS attack detection and packet-filtering scheme is proposed. The suggested approach is a cooperative technique among routers intended to protect the network from persistent and severe congestion arising from a rapid increase in attack traffic. Through computer simulations, it is shown that the proposed scheme can trace attacks near to the attack sources, and can effectively filter attack packets.