论文信息 - An adaptive control mechanism for mitigating DDoS attacks

An adaptive control mechanism for mitigating DDoS attacks

Distributed Denial-of-Service (DDoS) attacks are a major threat to availability of Internet services and resources. We present an adaptive control mechanism that utilizes the Shewhart's control charts based-on network connection to aid in handling DDoS attacks. This mechanism is designed to prevent incoming traffic from exceeding a given threshold, while allowing as much incoming, legitimate traffic as possible. In addition, this mechanism focuses on requiring less demanding modifications to external routers and networks than other published distributed response mechanisms that impact the effect of DDoS attacks. The experimental results show the effectiveness of our scheme in early mitigating DDoS attacks.

Jiexin Pu | Qingtao Wu | Ruijuan Zheng | Shibao Sun

[1] Kang G. Shin,et al. Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[2] Kotagiri Ramamohanarao,et al. Proactively Detecting Distributed Denial of Service Attacks Using Source IP Address Monitoring , 2004, NETWORKING.

[3] Kamil Saraç,et al. IP traceback based on packet marking and logging , 2005, IEEE International Conference on Communications, 2005. ICC 2005. 2005.

[4] Roger M. Needham,et al. Denial of service , 1993, CCS '93.

[5] Wenke Lee,et al. Proactive Intrusion Detection and Distributed Denial of Service Attacks—A Case Study in Security Management , 2002, Journal of Network and Systems Management.

[6] Jung-Taek Seo,et al. Defending DDoS Attacks Using Network Traffic Analysis and Probabilistic Packet Drop , 2004, GCC Workshops.

[7] David K. Y. Yau,et al. Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles , 2005, IEEE/ACM Transactions on Networking.

[8] Alexander G. Tartakovsky,et al. A novel approach to detection of \denial{of{service" attacks via adaptive sequential and batch{sequential change{point detection methods , 2001 .

[9] Kang G. Shin,et al. Hop-Count Filtering : An Effective Defense Against Spoofed Traffic , 2003 .