Title :
Defending against flooding-based distributed denial-of-service attacks: a tutorial
Author :
Chang, Rocky K C
Author_Institution :
Hong Kong Polytech. Univ., Kowloon, China
Date :
10/1/2002 12:00:00 AM
Abstract :
Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, or its Internet connection, or both. In the last two years, it was discovered that DDoS attack methods and tools are becoming more sophisticated, effective, and also more difficult to trace to the real attackers. On the defense side, current technologies are still unable to withstand large-scale attacks. The main purpose of this article is therefore twofold. The first one is to describe various DDoS attack methods, and to present a systematic review and evaluation of the existing defense mechanisms. The second is to discuss a longer-term solution, dubbed the Internet-firewall approach, that attempts to intercept attack packets in the Internet core, well before reaching the victim.
Keywords :
Internet; authorisation; packet switching; telecommunication security; DDoS attack methods; DDoS attack tools; Internet firewall; Internet stability; attack packets interception; distributed attack detection; flooding-based distributed denial-of-service attacks; large-scale attacks; reflector attacks; tutorial; Companies; Computer crime; Cryptography; IP networks; Large-scale systems; Protocols; Security; Stability; Tutorial; Web and internet services;
Journal_Title :
Communications Magazine, IEEE
DOI :
10.1109/MCOM.2002.1039856