Title :
D-WARD: a source-end defense against flooding denial-of-service attacks
Author :
Mirkovic, Jelena ; Reiher, Peter
Author_Institution :
Dept. of Comput. & Inf. Sci., Delaware Univ., Newark, DE, USA
Abstract :
Defenses against flooding distributed denial-of-service (DDoS) commonly respond to the attack by dropping the excess traffic, thus reducing the overload at the victim. The major challenge is the differentiation of the legitimate from the attack traffic, so that the dropping policies can be selectively applied. We propose D-WARD, a source-end DDoS defense system that achieves autonomous attack detection and surgically accurate response, thanks to its novel traffic profiling techniques, the adaptive response and the source-end deployment. Moderate traffic volumes seen near the sources, even during the attacks, enable extensive statistics gathering and profiling, facilitating high response selectiveness. D-WARD inflicts an extremely low collateral damage to the legitimate traffic, while quickly detecting and severely rate-limiting outgoing attacks. D-WARD has been extensively evaluated in a controlled testbed environment and in real network operation. Results of selected tests are presented in the paper.
Keywords :
distributed processing; security of data; telecommunication security; telecommunication traffic; D-WARD; DDoS attacks; autonomous attack detection; distributed denial-of-service attacks; fault tolerance; flooding denial-of-service attacks; network monitoring; network-level protection; network-level security; source-end DDoS defense system; statistics gathering; statistics profiling; traffic profiling; Communication system traffic control; Computer crime; Costs; Floods; Monitoring; Protection; Statistics; Surgery; Telecommunication traffic; Testing; Index Terms: Network-level security and protection; fault tolerance; network monitoring
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2005.35