• DocumentCode
    1138447
  • Title

    Sustaining availability of Web services under distributed denial of service attacks

  • Author

    Xu, Jun ; Lee, Wooyong

  • Author_Institution
    Coll. of Comput., Georgia Inst. of Technol., Atlanta, GA, USA
  • Volume
    52
  • Issue
    2
  • fYear
    2003
  • Firstpage
    195
  • Lastpage
    208
  • Abstract
    The recent tide of Distributed Denial of Service (DDoS) attacks against high-profile web sites demonstrate how devastating DDoS attacks are and how defenseless the Internet is under such attacks. We design a practical DDoS defense system that can protect the availability of web services during severe DDoS attacks. The basic idea behind our system is to isolate and protect legitimate traffic from a huge volume of DDoS traffic when an attack occurs. Traffic that needs to be protected can be recognized and protected using efficient cryptographic techniques. Therefore, by provisioning adequate resource (e.g., bandwidth) to legitimate traffic separated by this process, we are able to provide adequate service to a large percentage of clients during DDoS attacks. The worst-case performance (effectiveness) of the system is evaluated based on a novel game theoretical framework, which characterizes the natural adversarial relationship between a DDoS adversary and the proposed system. We also conduct a simulation study to verify a key assumption used in the game-theoretical analysis and to demonstrate the system dynamics during an attack.
  • Keywords
    Web sites; cryptography; game theory; DDoS attacks; DDoS defense system; DDoS traffic; Internet; Web service availability; cryptographic techniques; distributed denial-of-service attacks; high-profile Web sites; resource provision; Analytical models; Availability; Bandwidth; Computer crime; Cryptography; Game theory; Protection; Tides; Web and internet services; Web services;
  • fLanguage
    English
  • Journal_Title
    Computers, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    0018-9340
  • Type

    jour

  • DOI
    10.1109/TC.2003.1176986
  • Filename
    1176986