Title :
Protection from distributed denial of service attacks using history-based IP filtering
Author :
Peng, Tao ; Leckie, Christopher ; Ramamohanarao, Kotagiri
Author_Institution :
Dept. of Electr. & Electron. Eng., Melbourne Univ., Vic., Australia
Abstract :
In this paper, we introduce a practical scheme to defend against distributed denial of service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, this history is used to decide whether to admit an incoming Ip packet. Unlike other proposals to defend against DDoS attacks, our scheme works well during highly-distributed DDoS attacks, i.e., from a large number of sources. We present several heuristic methods to make the IP address database accurate and robust, and we present experimental results that demonstrate the effectiveness of our scheme in defending against highly-distributed DDoS attacks.
Keywords :
Internet; filtering theory; telecommunication network routing; telecommunication security; telecommunication traffic; transport protocols; IP address database; Internet protocol; distributed denial of service attacks; edge router; heuristic methods; history-based IP filtering; telecommunications traffic; Bandwidth; Computer crime; Databases; History; Information filtering; Information filters; Proposals; Protection; Robustness; Telecommunication traffic;
Conference_Titel :
Communications, 2003. ICC '03. IEEE International Conference on
Print_ISBN :
0-7803-7802-4
DOI :
10.1109/ICC.2003.1204223
