Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Save to My Library
Look up keyword or section
Like this

Table Of Contents

0 of .
Results for:
No results containing your search query
P. 1
A Defense Framework for Flooding-Based DDoS Attacks

A Defense Framework for Flooding-Based DDoS Attacks



|Views: 1,111 |Likes:
Published by Nguyễn Anh Dũng
Bài tiều luận nêu lên các nền tảng phòng chống DDoS hay
Bài tiều luận nêu lên các nền tảng phòng chống DDoS hay

More info:

Published by: Nguyễn Anh Dũng on Dec 24, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





A Defense Frameworkfor Flooding-based DDoS Attacks
Yonghua You
A thesis submitted to theSchool of Computingin conformity with the requirements forthe degree of Master of ScienceQueen’s UniversityKingston, Ontario, CanadaAugust 2007Copyrightc
Yonghua You, 2007
Distributed denial of service (DDoS) attacks are widely regarded as a major threatto the Internet. A flooding-based DDoS attack is a very common way to attacka victim machine by sending a large amount of malicious traffic. Existing network-level congestion control mechanisms are inadequate in preventing service quality fromdeteriorating because of these attacks. Although a number of techniques have beenproposed to defeat DDoS attacks, it is still hard to detect and respond to flooding-based DDoS attacks due to a large number of attacking machines, the use of source-address spoofing, and the similarities between legitimate and attack traffic. In thisthesis, we propose a distributed framework which will help to improve the quality of service of internet service providers (ISP) for legitimate traffic under DDoS attacks.The distributed nature of DDoS problem requires a distributed solution. In thisthesis, we propose a distance-based distributed DDoS defense framework which de-fends against attacks by coordinating between the distance-based DDoS defense sys-tems of the source ends and the victim end. The proposed distance-based defensesystem has three major components: detection, traceback, and traffic control. In thedetection component, two distance-based detection techniques are employed. Thedistance value of a packet indicates the number of hops the packet has traversed fromi
an edge router to the victim. First, an average distance estimation DDoS detec-tion technique is used to detect attacks based on the average distance values of thepackets received at the victim end. Second, a distance-based traffic separation DDoSdetection technique applies a traffic rate forecasting technique for identifying attacktraffic within traffic that is separated based on distance values. For the tracebackcomponent, the existing Fast Internet Traceback (FIT) technique is employed to findremote edge routers which forward attack traffic to the victim. Based on the proposeddistance-based rate limit mechanism, the traffic control component at the victim endrequests the source-end defense systems to set up rate limits on these routers in orderto efficiently reduce the amount of attack traffic.We evaluate the DDoS defense framework on a network simulation platform calledNS2. We also evaluate the effectiveness of the two DDoS detection techniques in-dependent of the proposed defense framework. The results demonstrate that bothdetection techniques are capable of detecting flooding-based DDoS attacks, and thedefense framework can effectively control attack traffic in order to sustain the qualityof service for legitimate traffic. Moreover, the framework shows better performance indefeating flooding-based DDoS attacks compared to the pushback technique, whichuses a local aggregate congestion control mechanism to detect and control traffic flowsthat create congestion in a network.ii

Activity (21)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Ashish Kumar liked this
Robert Green liked this
brijgupta liked this
manai raghav liked this
retaqween liked this
beladi liked this
philpq liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->