Safeguard information infrastructure against DDoS attacks: experiments and modeling


Autoria(s): Xiang, Yang; Zhou, Wanlei
Data(s)

01/01/2005

Resumo

Nowadays Distributed Denial of Service (DDoS) attacks have made one of the most serious threats to the information infrastructure. In this paper we firstly present a new filtering approach, Mark-Aided Distributed Filtering (MADF), which is to find the network anomalies by using a back-propagation neural network, deploy the defense system at distributed routers, identify and filtering the attack packets before they can reach the victim; and secondly propose an analytical model for the interactions between DDoS attack party and defense party, which allows us to have a deep insight of the interactions between the attack and defense parties. According to the experimental results, we find that MADF can detect and filter DDoS attack packets with high sensitivity and accuracy, thus provide high legitimate traffic throughput and low attack traffic throughput. Through the comparison between experiments and numerical results, we also demonstrate the validity of the analytical model that can precisely estimate the effectiveness of a DDoS defense system before it encounters different attacks.<br />

Identificador

http://hdl.handle.net/10536/DRO/DU:30003134

Idioma(s)

eng

Publicador

Springer-Verlag

Relação

http://dro.deakin.edu.au/eserv/DU:30003134/xiang-safeguardinformation-2005.pdf

http://www.springerlink.com/content/yn0t336r119j2070/fulltext.pdf

Direitos

2005, Springer-Verlag

Tipo

Journal Article