Title :
Statistically countering denial of service attacks
Author_Institution :
Institute for Infocomm Res., Singapore
Abstract :
In denial-of-service (DoS) attacks, the attackers usually randomize their source addresses to hide their true identities. This trick renders the victims unable to block the malicious traffic directly, as it appears to come from everywhere. Blocking the observed source addresses indiscriminatingly amounts to shutting off the legitimate communications at the same time. This paper proposes a statistical approach to determine the source address legitimacy when DoS attacks are detected. It utilizes the phenomenon that when the attackers uniformly randomize their addresses, the packet intensities from the spoofed sources exhibit similarity to one another. The proposed method attempts to discover this similarity to differentiate between the authentic and the spoofed sources. Based on this method, two differentiation schemes are designed. Their performance is studied by simulation. These two schemes aim to provide a supplementary DoS countermeasure in addition to the existing defense strategies.
Keywords :
security of data; statistical analysis; defense strategy; denial-of-service attacks; differentiation schemes; packet intensities; source address legitimacy; statistical approach; Availability; Communication system traffic control; Computer crime; Computer security; Internet; Power system security; Protection; Protocols; Resource management; Telecommunication traffic;
Conference_Titel :
Communications, 2005. ICC 2005. 2005 IEEE International Conference on
Print_ISBN :
0-7803-8938-7
DOI :
10.1109/ICC.2005.1494470
