Denying Denial-of-Service Attacks: A Router Based Solution

نویسندگان

  • Zhang Shu
  • Partha Dasgupta
چکیده

Distributed Denial-of-Service (DDoS) attacks prevent users from accessing services on the target network by flooding the target network with a large volume of traffic. In this paper, we propose a “Hardened Network” system, which is based on intelligent routers. This network can be incrementally deployed on the Internet and can be used to detect, stop, and recover from DDoS attacks. This Hardened Network does not require any modification to the endsystems, such as the client and server hosts. It can detect a DDoS attack before it severely slows down the target machine or the network. Then, it can selectively drop packets close to the sources and hence stop the attack at points that are closer to the attack origin, and continue to provide service.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets

Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...

متن کامل

Detection Mechanism for Distributed Denial of Service (DDoS) Attack in Mobile Ad-hoc Networks

Mobile ad hoc networks are non-static networks which formed without any central point communication infrastructure. In addition to node mobility, a ad-hoc is defined by bounded resource constraints such as bandwidth, battery power, and storage space. In this network, the intermediate nodes play role of router which routed the packets to the terminal node. The security challenges in the networks...

متن کامل

Detecting Denial of Service Message Flooding Attacks in SIP based Services

Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its ‎security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol ‎‎(SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation ‎deficiencies cause some security concerns in SIP based infra...

متن کامل

Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks

Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...

متن کامل

Implementing IP Traceback in the Internet — An ISP Perspective

ISBN 0-7803-9850-5 /$10.00  2002 IEEE Page 326 Abstract--Denial-of-Service (DoS) attacks consume the resources of remote hosts and the network in terms of buffers, processing power, and connections, thus denying or degrading the Internet services to legitimate users. Managed security service (MSS) has been developed to provide better network performance in addition to protect customers from be...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003