A Service Architecture for Countering Distributed Denial of Service Attacks

Author

Zaffar, Fareed ; Kedem, Gershon

Author_Institution

Dept. of Comput. Sci., Duke Univ., Durham, NC

Volume

1

fYear

2007

fDate

21-23 May 2007

Firstpage

36

Lastpage

42

Abstract

We present AMP, a novel service architecture for countering distributed denial of service (dDos) attacks. AMP uses dynamically configured network components to perform traffic monitoring, filtering and detection of commonly known attacks. It does not require universal deployment and is complementary to other schemes for countering dDoS attacks, however with the use of collaborative policing techniques, the performance of the scheme can be improved greatly. In addition, it is economically viable, it can be offered as a service to the customers by service providers. We give a detailed design of our system which we implemented on our simulation test-bed. Performance evaluation of our system shows that using our scheme we were able to recover 83% of throughput lost during an attack.

Keywords

computer networks; telecommunication security; telecommunication traffic; AMP; collaborative policing techniques; commonly known attack detection; dDos; distributed denial of service attacks; performance evaluation; service architecture; service providers; traffic monitoring; Communication system traffic control; Computer architecture; Computer crime; Counting circuits; Filtering; Floods; Internet; Large-scale systems; Throughput; Web server;

fLanguage

English

Publisher

ieee

Conference_Titel

Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on

Conference_Location

Niagara Falls, Ont.

Print_ISBN

978-0-7695-2847-2

Type

conf

DOI

10.1109/AINAW.2007.56

Filename

4221032