DocumentCode :
3026602
Title :
Provider-based deterministic packet marking against distributed DoS attacks
Author :
Siris, Vasilios A. ; Stavrakis, Ilias
Author_Institution :
Inst. of Comput. Sci., Found. for Res. & Technol.-Hellas, Crete, Greece
fYear :
2005
fDate :
4-8 April 2005
Abstract :
Distributed denial of service (DDoS) attacks are among the most serious security threats in the Internet, due to the significant service disruption they can create and the difficulty of preventing them. In this paper, we propose new deterministic packet marking models in order to characterize DDoS attack streams. Such common characterization can be used to make filtering near the victim more effective. In this direction we propose a rate control scheme that protects destination domains by limiting the amount of traffic during an attack, while leaving a large percentage of legitimate traffic unaffected. The above features enable providers to offer enhanced security protection against such attacks as a value-added service to their customers, and hence offer positive incentives for them to deploy the proposed models. We evaluate the proposed marking models using a snapshot of the actual Internet topology, in terms of how well they differentiate attack traffic from legitimate traffic in cases of full and partial deployment.
Keywords :
Internet; quality of service; security of data; telecommunication congestion control; telecommunication network topology; telecommunication traffic; Internet; attack traffic; deterministic packet marking; distributed denial of service attack; legitimate traffic; security threat; Access protocols; Bandwidth; Computer crime; Computer science; Information filtering; Information filters; Protection; Security; Traffic control; Web and internet services;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International
Print_ISBN :
0-7695-2312-9
Type :
conf
DOI :
10.1109/IPDPS.2005.367
Filename :
1420263