Abstract
We present a probabilistic packet filtering (PPF) model to defend Web servers against Distributed Denial-of-Service (DDoS) attacks. To distinguish abnormal traffic from normal traffic, we use the Concentration Tendency of Network Traffic (CTNT). The CTNT mechanism computes the ratio of a specific type of packet to the total number of network packets, and flags traffic as abnormal if and only if the computed ratio exceeds the ratio observed in the normal situation. When the CTNT mechanism detects a DDoS attack, the proposed model probabilistically filters the packets related to it. The simulation results demonstrate that the model is useful for early detection of DDoS attacks and effective in protecting Web servers from them.
This work was supported by the Ministry of Information Communication, Korea, under the Information Technology Research Center Support Program supervised by the IITA.
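The mechanism the abstract describes, as an added Python example that is not the authors' code: it computes per-type packet ratios over one observation window, flags a type only when its ratio exceeds the normal ratio, and drops packets of flagged types probabilistically. The baseline ratios, the sample windows and the drop-probability formula p = (r - b) / r are assumptions made for this example; the abstract does not specify them.

```python
import random
from collections import Counter

# Assumed per-type share of packets in normal traffic (constructed values).
BASELINE = {"SYN": 0.10, "ACK": 0.55, "PSH": 0.25, "FIN": 0.08, "RST": 0.02}

def make_window(counts):
    """Build a constructed observation window from {type: packet count}."""
    return [{"type": t} for t, n in counts.items() for _ in range(n)]

def ctnt_ratios(window):
    """CTNT: share of each packet type among all packets in the window."""
    counts = Counter(pkt["type"] for pkt in window)
    total = sum(counts.values())
    return {t: n / total for t, n in counts.items()} if total else {}

def drop_probabilities(ratios, baseline=BASELINE):
    """Flag a type only when its ratio exceeds its normal ratio.

    Assumed policy: p = (r - b) / r, which trims the flagged type back to
    its baseline share of the unfiltered window. Types with no baseline
    entry are not modelled and are left alone.
    """
    return {t: (r - baseline[t]) / r
            for t, r in ratios.items()
            if t in baseline and r > baseline[t]}

def ppf_filter(window, baseline=BASELINE, rng=None):
    """Drop each packet of a flagged type with that type's probability."""
    rng = rng or random.Random()
    probs = drop_probabilities(ctnt_ratios(window), baseline)
    kept = [pkt for pkt in window if rng.random() >= probs.get(pkt["type"], 0.0)]
    return kept, probs

# Constructed sample windows: normal mix, and the same mix plus a SYN flood.
NORMAL = make_window({"SYN": 10, "ACK": 55, "PSH": 25, "FIN": 8, "RST": 2})
FLOOD = make_window({"SYN": 410, "ACK": 55, "PSH": 25, "FIN": 8, "RST": 2})

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("flood", FLOOD)):
        kept, probs = ppf_filter(window, rng=random.Random(1))
        print(name, probs, Counter(pkt["type"] for pkt in kept))
```

Because only the flagged type is filtered, the ACK, PSH, FIN and RST packets in the flood window all pass, while most of the SYN packets are dropped.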
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Seo, J., Lee, C., Kim, J., Shon, T., Moon, J. (2005). PPF Model with CTNT to Defend Web Server from DDoS Attack. In: Enokido, T., Yan, L., Xiao, B., Kim, D., Dai, Y., Yang, L.T. (eds) Embedded and Ubiquitous Computing – EUC 2005 Workshops. EUC 2005. Lecture Notes in Computer Science, vol 3823. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596042_101
DOI: https://doi.org/10.1007/11596042_101
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30803-4
Online ISBN: 978-3-540-32296-2
eBook Packages: Computer Science, Computer Science (R0)