  • DocumentCode
    3515367
  • Title
    Protection from distributed denial of service attacks using history-based IP filtering
  • Author
    Peng, Tao ; Leckie, Christopher ; Ramamohanarao, Kotagiri
  • Author_Institution
    Dept. of Electr. & Electron. Eng., Melbourne Univ., Vic., Australia
  • Volume
    1
  • fYear
    2003
  • fDate
    11-15 May 2003
  • Firstpage
    482
  • Abstract
    In this paper, we introduce a practical scheme to defend against distributed denial of service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, this history is used to decide whether to admit an incoming IP packet. Unlike other proposals to defend against DDoS attacks, our scheme works well during highly-distributed DDoS attacks, i.e., from a large number of sources. We present several heuristic methods to make the IP address database accurate and robust, and we present experimental results that demonstrate the effectiveness of our scheme in defending against highly-distributed DDoS attacks.
  • Keywords
    Internet; filtering theory; telecommunication network routing; telecommunication security; telecommunication traffic; transport protocols; IP address database; Internet protocol; distributed denial of service attacks; edge router; heuristic methods; history-based IP filtering; telecommunications traffic; Bandwidth; Computer crime; Databases; History; Information filtering; Information filters; Proposals; Protection; Robustness; Telecommunication traffic;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communications, 2003. ICC '03. IEEE International Conference on
  • Print_ISBN
    0-7803-7802-4
  • Type
    conf
  • DOI
    10.1109/ICC.2003.1204223
  • Filename
    1204223