Protection against DDoS Attacks Based on Traffic Level Measurements

A method for protecting an Internet server against a bandwidth-consuming DDoS attack is proposed and analyzed. Incoming traffic is monitored continuously and "dangerous" rises in traffic intensity are detected. Such an event activates a traffic filtering rule that pushes the incoming aggregate traffic down to an acceptable level by discarding excess packets according to the measured relative traffic levels of the active sources. Compared to other studies, our method has a structurally stronger basis: legitimate traffic to the server is not necessarily hindered by the attack or by the traffic suppression. The method is supported by both an analysis and a simulation.
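As an added illustration (not code from the paper), the Python sketch below walks through the control loop the abstract describes: measure per-source traffic levels in a window, detect a dangerous rise in the aggregate, and suppress the excess. The detection threshold, the water-filling cap that charges the excess to the heaviest sources while leaving low-rate sources untouched, and the sample window are all assumptions; the paper's own rule is not given on this page.

```python
from collections import defaultdict

# Constructed sample window (not from the paper): (source address, packet bytes).
# Addresses are documentation ranges; the two 203.0.113.x sources stand for attackers.
BASELINE_TOTAL = 6000      # assumed aggregate bytes seen in a quiet window
ACCEPTABLE_TOTAL = 9000    # assumed aggregate the server can absorb per window
WINDOW = (
    [("198.51.100.1", 500)] * 4 + [("198.51.100.2", 400)] * 5
    + [("198.51.100.3", 1000)]
    + [("203.0.113.9", 1500)] * 6 + [("203.0.113.10", 1500)] * 6
)

def per_source_levels(packets):
    """Measured traffic level (bytes) of each active source in the window."""
    levels = defaultdict(int)
    for src, size in packets:
        levels[src] += size
    return dict(levels)

def is_dangerous(total, baseline, rise_factor=2.0):
    """Assumed detection rule: aggregate exceeds the quiet baseline by rise_factor."""
    return total > rise_factor * baseline

def fair_cap(levels, acceptable):
    """Water-filling cap c with sum(min(level, c)) == acceptable.
    Sources below c are untouched; only the heaviest sources lose traffic."""
    if sum(levels.values()) <= acceptable:
        return None                      # nothing to suppress
    remaining = acceptable
    rates = sorted(levels.values())
    for i, r in enumerate(rates):
        share = remaining / (len(rates) - i)
        if r >= share:
            return share
        remaining -= r                   # small source fully admitted
    return remaining                     # unreachable when total > acceptable

def apply_filter(packets, baseline=BASELINE_TOTAL, acceptable=ACCEPTABLE_TOTAL):
    """Return (kept_packets, cap). Filtering is armed only on a dangerous rise;
    each source then gets a per-window byte budget equal to the cap."""
    levels = per_source_levels(packets)
    if not is_dangerous(sum(levels.values()), baseline):
        return list(packets), None
    cap = fair_cap(levels, acceptable)
    if cap is None:                      # rise detected but aggregate still acceptable
        return list(packets), None
    used, kept = defaultdict(int), []
    for src, size in packets:
        if used[src] + size <= cap:      # excess beyond the cap is discarded
            used[src] += size
            kept.append((src, size))
    return kept, cap
```

With the sample window the cap settles at 2000 bytes, so the three ordinary clients keep every packet while each attacker is cut from 9000 to 1500 bytes.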
