An empirical analysis of target-resident DoS filters

Author

Collins, Michael ; Reiter, Michael K.

Author_Institution

Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA, USA

fYear

2004

fDate

9-12 May 2004

Firstpage

103

Lastpage

114

Abstract

Numerous techniques have been proposed by which an end-system, subjected to a denial-of-service flood, filters the offending traffic. In this paper, we provide an empirical analysis of several such proposals, using traffic recorded at the border of a large network and including real DoS traffic. We focus our analysis on four filtering techniques, two based on the addresses from which the victim server typically receives traffic (static clustering and network-aware clustering), and two based on coarse indications of the path each packet traverses (hop-count filtering and path identifiers). Our analysis reveals challenges facing the proposed techniques in practice, and the implications of these issues for effective filtering. In addition, we compare techniques on equal footing, by evaluating the performance of one scheme under assumptions made by another. We conclude with an interpretation of the results and suggestions for further analysis.

Keywords

digital filters; packet switching; telecommunication congestion control; telecommunication security; telecommunication traffic; denial-of-service flood; filtering analysis; hop-count filtering; network-aware clustering; path identifiers; real DoS traffic; static clustering; target-resident DoS filters; Computer crime; Floods; Information filtering; Information filters; Internet; Large-scale systems; Network servers; Proposals; Telecommunication traffic; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on

ISSN

1081-6011

Print_ISBN

0-7695-2136-3

Type

conf

DOI

10.1109/SECPRI.2004.1301318

Filename

1301318