• DocumentCode
    3614274
  • Title
    Attacking DDoS at the source
  • Author
    J. Mirkovic;G. Prier;P. Reiher
  • Author_Institution
    Dept. of Comput. Sci., California Univ., Los Angeles, CA, USA
  • fYear
    2002
  • fDate
    2002
  • Firstpage
    312
  • Lastpage
    321
  • Abstract
    Distributed denial-of-service (DDoS) attacks present an Internet-wide threat. We propose D-WARD, a DDoS defense system deployed at source-end networks that autonomously detects and stops attacks originating from these networks. Attacks are detected by the constant monitoring of two-way traffic flows between the network and the rest of the Internet and periodic comparison with normal flow models. Mismatching flows are rate-limited in proportion to their aggressiveness. D-WARD offers good service to legitimate traffic even during an attack, while effectively reducing DDoS traffic to a negligible level. A prototype of the system has been built in a Linux router. We show its effectiveness in various attack scenarios, discuss motivations for deployment, and describe associated costs.
  • Keywords
    "Traffic control","Telecommunication traffic","Computer crime","Internet","Costs","Linux","Filtering","Computer science","Computerized monitoring","IP networks"
  • Publisher
    IEEE
  • Conference_Titel
    Network Protocols, 2002. Proceedings. 10th IEEE International Conference on
  • ISSN
    1092-1648
  • Print_ISBN
    0-7695-1856-7
  • Type
    conf
  • DOI
    10.1109/ICNP.2002.1181418
  • Filename
    1181418