DocumentCode
1138447
Title
Sustaining availability of Web services under distributed denial of service attacks
Author
Xu, Jun ; Lee, Wooyong
Author_Institution
Coll. of Comput., Georgia Inst. of Technol., Atlanta, GA, USA
Volume
52
Issue
2
fYear
2003
Firstpage
195
Lastpage
208
Abstract
The recent tide of Distributed Denial of Service (DDoS) attacks against high-profile web sites demonstrate how devastating DDoS attacks are and how defenseless the Internet is under such attacks. We design a practical DDoS defense system that can protect the availability of web services during severe DDoS attacks. The basic idea behind our system is to isolate and protect legitimate traffic from a huge volume of DDoS traffic when an attack occurs. Traffic that needs to be protected can be recognized and protected using efficient cryptographic techniques. Therefore, by provisioning adequate resource (e.g., bandwidth) to legitimate traffic separated by this process, we are able to provide adequate service to a large percentage of clients during DDoS attacks. The worst-case performance (effectiveness) of the system is evaluated based on a novel game theoretical framework, which characterizes the natural adversarial relationship between a DDoS adversary and the proposed system. We also conduct a simulation study to verify a key assumption used in the game-theoretical analysis and to demonstrate the system dynamics during an attack.
Keywords
Web sites; cryptography; game theory; DDoS attacks; DDoS defense system; DDoS traffic; Internet; Web service availability; cryptographic techniques; distributed denial-of-service attacks; high-profile Web sites; resource provision; Analytical models; Availability; Bandwidth; Computer crime; Cryptography; Game theory; Protection; Tides; Web and internet services; Web services;
fLanguage
English
Journal_Title
Computers, IEEE Transactions on
Publisher
ieee
ISSN
0018-9340
Type
jour
DOI
10.1109/TC.2003.1176986
Filename
1176986
Link To Document