A Practical method to counteract denial of service attacks

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

Abstract

Today distributed denial of service (DDoS) attacks are causing major problems to conduct online business over the Internet. Recently several schemes have been proposed on how to prevent some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. In this paper, we propose a Controller-Agent model that would greatly minimize DDoS attacks on Internet. With a new packet marking technique and agent design our scheme is able to identify the approximate source of attack (nearest router) with a single packet even in case of attack with spoofed source addresses. Our scheme is invoked only during attack times, is able to process the victims traffic separately without disturbing other traffic, is able to establish different attack signatures for different attacking sources, can prevent the attack traffic at the nearest router to the attacking system, has fast response time, is simple in its implementation and can be incrementally deployed. Hence we believe that the scheme proposed in this paper seems to be a promising approach to prevent distributed denial of service attacks.
Original languageEnglish
Title of host publicationProceedings of the 26th Australasian computer science conference
EditorsMichael J. Oudshoorn
Place of PublicationSydney
PublisherAustralian Computer Society
Number of pages10
Volume16
ISBN (Print)0909925941
Publication statusPublished - 2003
EventAustralasian computer science conference (26th : 2003) - Adelaide
Duration: 4 Feb 20037 Feb 2003

Conference

ConferenceAustralasian computer science conference (26th : 2003)
CityAdelaide
Period4/02/037/02/03

Keywords

  • DoS
  • broad attack signatures
  • controller-agent model
  • denial of service
  • packet marking

Fingerprint

Dive into the research topics of 'A Practical method to counteract denial of service attacks'. Together they form a unique fingerprint.

Cite this