Title :
A Service Architecture for Countering Distributed Denial of Service Attacks
Author :
Zaffar, Fareed ; Kedem, Gershon
Author_Institution :
Dept. of Comput. Sci., Duke Univ., Durham, NC
Abstract :
We present AMP, a novel service architecture for countering distributed denial of service (dDos) attacks. AMP uses dynamically configured network components to perform traffic monitoring, filtering and detection of commonly known attacks. It does not require universal deployment and is complementary to other schemes for countering dDoS attacks, however with the use of collaborative policing techniques, the performance of the scheme can be improved greatly. In addition, it is economically viable, it can be offered as a service to the customers by service providers. We give a detailed design of our system which we implemented on our simulation test-bed. Performance evaluation of our system shows that using our scheme we were able to recover 83% of throughput lost during an attack.
Keywords :
computer networks; telecommunication security; telecommunication traffic; AMP; collaborative policing techniques; commonly known attack detection; dDos; distributed denial of service attacks; performance evaluation; service architecture; service providers; traffic monitoring; Communication system traffic control; Computer architecture; Computer crime; Counting circuits; Filtering; Floods; Internet; Large-scale systems; Throughput; Web server;
Conference_Titel :
Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on
Conference_Location :
Niagara Falls, Ont.
Print_ISBN :
978-0-7695-2847-2
DOI :
10.1109/AINAW.2007.56