Statistically countering denial of service attacks

In denial-of-service (DoS) attacks, attackers usually randomize their source addresses to hide their true identities. This trick leaves the victims unable to block the malicious traffic directly, because it appears to come from everywhere; blocking the observed source addresses indiscriminately would shut off legitimate communications at the same time. This paper proposes a statistical approach to determining source address legitimacy once a DoS attack has been detected. It exploits the phenomenon that when attackers randomize their addresses uniformly, the packet intensities of the spoofed sources are similar to one another. The proposed method attempts to discover this similarity in order to differentiate the authentic sources from the spoofed ones. Two differentiation schemes are designed on the basis of this method, and their performance is studied by simulation. The schemes are intended as a supplementary DoS countermeasure alongside existing defense strategies.
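As an added illustration, not one of the paper's two schemes (which the abstract does not specify), the following Python simulation constructs the traffic pattern described above and applies one simple similarity test: per-source packet counts are histogrammed, and the sources piling up in the densest intensity band are treated as uniformly spoofed. The spoofing pool size, packet volumes, legitimate client rates, bin width and the factor k are all assumed parameters.

```python
import random
from collections import Counter
from math import sqrt

# Constructed traffic model: the attacker spoofs source addresses uniformly
# from a pool, so each fake address carries about attack_packets / pool
# packets; legitimate clients have their own, heterogeneous rates.
def simulate_counts(rng, spoof_pool=200, attack_packets=20000,
                    legit_rates=(3, 8, 15, 25, 220, 300, 400, 650)):
    """Return per-source packet counts seen at the victim during the flood."""
    counts = Counter()
    for _ in range(attack_packets):
        counts[("spoofed", rng.randrange(spoof_pool))] += 1
    for i, rate in enumerate(legit_rates):
        # Gaussian stand-in for a Poisson count with mean `rate`
        counts[("legit", i)] += max(0, int(round(rng.gauss(rate, sqrt(rate)))))
    return counts

def find_spoofed_band(counts, bin_width=20, k=4.0):
    """Locate the densest band of per-source intensities.

    Uniformly spoofed sources pile up at one intensity, so the most populated
    histogram bin marks it; the band is widened by k Poisson standard
    deviations (sqrt of the intensity) around that bin's centre.
    """
    hist = Counter(n // bin_width for n in counts.values())
    densest = max(hist, key=hist.get)
    centre = (densest + 0.5) * bin_width
    halfwidth = k * sqrt(centre)
    return centre - halfwidth, centre + halfwidth

def classify(counts, band):
    """Label a source 'spoofed' if its intensity falls inside the band."""
    low, high = band
    return {src: "spoofed" if low <= n <= high else "legit"
            for src, n in counts.items()}

def run_demo(seed=7):
    """Run the constructed scenario end to end; returns counts, band, labels."""
    rng = random.Random(seed)
    counts = simulate_counts(rng)
    band = find_spoofed_band(counts)
    return counts, band, classify(counts, band)

if __name__ == "__main__":
    counts, band, labels = run_demo()
    flagged = [s for s, lab in labels.items() if lab == "spoofed"]
    wrong = [s for s in flagged if s[0] == "legit"]
    print(f"band {band[0]:.0f}-{band[1]:.0f} pkts: flagged {len(flagged)} "
          f"sources, {len(wrong)} legitimate clients caught in the band")
```

A legitimate client whose rate happens to fall inside the band is indistinguishable by this measure alone, which is why the abstract positions the approach as a supplement to other defenses rather than a replacement.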
