DocumentCode
429511
Title
A source address filtering firewall to defend against denial-of-service attacks
Author
Xu, Yi ; Lee, Henry C J
Author_Institution
Inst. for Infocomm Res., Singapore, Singapore
Volume
5
fYear
2004
fDate
26-29 Sept. 2004
Firstpage
3296
Abstract
Denial-of-service (DoS) attacks exploit the very fundamental fact that the computation and bandwidth resources of their targets are limited. When the attackers generate a large volume of useless packets to deplete the available resources of the targets, the targets are unable to accommodate the legitimate service requests. This paper proposes a firewall mechanism that tries to filter off the malicious packets when the protected network is under DoS attacks. The idea is to judge the legitimacy status of each incoming packet from its source address in a statistical way. The scheme utilizes the traffic intensity difference between the legitimate users and the malicious attackers to make this determination in real time. The proposed firewall mechanism can be used to protect both wired and wireless networks.
Keywords
authorisation; computer network management; telecommunication traffic; DoS attacks; denial-of-service attacks; firewall; protected network; source address filtering; traffic intensity difference; wired networks; wireless networks; Bandwidth; Communication system security; Computer crime; Filtering; History; Internet; Monitoring; Protection; Statistics; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Vehicular Technology Conference, 2004. VTC2004-Fall. 2004 IEEE 60th
ISSN
1090-3038
Print_ISBN
0-7803-8521-7
Type
conf
DOI
10.1109/VETECF.2004.1404673
Filename
1404673