• DocumentCode
    3296210
  • Title

    Real-time protection against DDoS attacks using active gateways

  • Author

    Demir, Onur ; Ghose, Kanad

  • Author_Institution
    Dept. of Comput. Sci., State Univ. of New York, Binghamton, NY, USA
  • fYear
    2005
  • fDate
    6-10 June 2005
  • Firstpage
    224
  • Lastpage
    231
  • Abstract
    This paper presents solutions for protecting servers against distributed denial-of-service (DDoS) attacks that inundate the system with file download and script execution requests. Our solution uses a dynamic packet filtering on dual-ported active NIC based gateways to drop attacking packets based on locally measured request rates and information from the server (such as server loading, number of incomplete connections). A variety of techniques for performing such packet filtering in real-time are discussed. A prototype implementation using a test bed of several clients, attacking machines and servers indicates that considerable improvements in the response times to legitimate requests and overall improvements in the performance of the servers are realized by the proposed scheme. As a sustained high-volume attack is started, the intelligent gateway is successful in detecting and filtering out apparently malicious traffic in only a few 10s of seconds.
  • Keywords
    Internet; network servers; quality of service; telecommunication security; DDoS attack; distributed denial-of-service; dual-ported active NIC based gateway; intelligent gateway; real-time protection; Active filters; Computer crime; Delay; File servers; Information filtering; Information filters; Machine intelligence; Protection; Prototypes; Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Distributed Computing Systems Workshops, 2005. 25th IEEE International Conference on
  • Print_ISBN
    0-7695-2328-5
  • Type

    conf

  • DOI
    10.1109/ICDCSW.2005.118
  • Filename
    1437179