Title :
Differentiating Malicious DDoS Attack Traffic from Normal TCP Flows by Proactive Tests
Author :
Gao, Zhiqiang ; Ansari, Nirwan
Author_Institution :
Dept. of Electr. & Comput. Eng., New Jersey Inst. of Technol., Newark, NJ
fDate :
11/1/2006 12:00:00 AM
Abstract :
To defend against distributed denial of service (DDoS) attacks, one critical issue is to effectively isolate the attack traffic from the normal ones. A novel DDoS defense scheme based on TCP is hereby contrived because TCP is the dominant traffic for both the normal and lethal flows in the Internet. Unlike most of the previous DDoS defense schemes that are passive in nature, the proposal uses proactive tests to identify and isolate the malicious traffic. Simulation results validate the effectiveness of our proposed scheme
Keywords :
Internet; security of data; telecommunication security; telecommunication traffic; transport protocols; DDoS attack traffic; Internet; TCP flow; distributed denial of service; proactive test; Bandwidth; Computer crime; Floods; Proposals; TCPIP; Telecommunication traffic; Testing; Traffic control; Web and internet services; Web server;
Journal_Title :
Communications Letters, IEEE
DOI :
10.1109/LCOMM.2006.060669
