http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?

arnumber=1300541
ABSTRACT
Distributed denial-of-service (DDoS) attack has turned into one of the major sec
urity threats in recent years. Usually the only solution is to stop the services
or shut down the victim and then discard the attack traffic only after the DDoS
attack characteristics (such as the destination ports of the attack packets) ar
e known. In this paper, we introduce a generic DDoS attack detection mechanism a
s well as the design and setup of a testbed for performing experiments and analy
sis. Our results showed that the mechanism can detect DDoS attack. This enables
us to proceed to the next steps of packet classification and traffic control.
http://www.computer.org/portal/web/csdl/doi/10.1109/TDSC.2006.25
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Intern
et. This paper introduces a DDoS defense scheme that supports automated online a
ttack characterizations and accurate attack packet discarding based on statistic
al processing. The key idea is to prioritize a packet based on a score which est
imates its legitimacy given the attribute values it carries. Once the score of a
packet is computed, this scheme performs score-based selective packet discardin
g where the dropping threshold is dynamically adjusted based on the score distri
bution of recent incoming packets and the current level of system overload. This
paper describes the design and evaluation of automated attack characterizations
, selective packet discarding, and an overload control process. Special consider
ations are made to ensure that the scheme is amenable to high-speed hardware imp
lementation through scorebook generation and pipeline processing. A simulation s
tudy indicates that PacketScore is very effective in blocking several different
attack types under many different conditions.