Title :
An On-line DDoS Attack Traceback and Mitigation System Based on Network Performance Monitoring
Author :
Wei-Tsung Su ; Lin, Tzu-Chieh ; Wu, Chun-Yi ; Hsu, Jang-Pong ; Kuo, Yau-Hwang
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Nat. Cheng Kung Univ., Tainan
Abstract :
In this paper, DDoS attack traceback and mitigation system (DATMS) is proposed to trace the DDoS attack sources based on network performance monitoring. By monitoring packet loss rate and packet arrival rate, the routers can be traced as near as attack sources on victim flows, called approximate attack entry nodes (AENs), can be traced as near as attack sources. DATMS adopts on-line analysis instead of post-mortem analysis to reduce the trace time. In addition, the packet filter controller which adapts to queue length is proposed to mitigate the DDoS attacks. Since it is extremely difficult to distinguish attack flows and victim flows on core routers, the proposed packet filter is very simple and has lower overhead. Finally, the experimental results from NS-2 simulations show that the DDoS attacks are effectively mitigated by DATMS.
Keywords :
security of data; NS-2 simulations; approximate attack entry nodes; network performance monitoring; online DDoS attack mitigation system; online DDoS attack traceback; packet arrival rate; packet filter controller; packet loss rate; Computer crime; Computer science; Computerized monitoring; Degradation; Filters; IP networks; Multimedia systems; Performance loss; Telecommunication traffic; Traffic control; Distributed denial of service; IP traceback; Network performance monitoring; Packet filter;
Conference_Titel :
Advanced Communication Technology, 2008. ICACT 2008. 10th International Conference on
Conference_Location :
Gangwon-Do
Print_ISBN :
978-89-5519-136-3
DOI :
10.1109/ICACT.2008.4494041
