Article

Attacking DDoS at the Source

Authors:

Jelena Mirkovic,

Gregory Prier,

Peter L. ReiherAuthors Info & Claims

ICNP '02: Proceedings of the 10th IEEE International Conference on Network Protocols

Pages 312 - 321

Published: 12 November 2002 Publication History

Publisher Site

Abstract

Distributed denial-of-service (DDoS) attacks present an Internet-wide threat. We propose D-WARD, a DDoS defense system deployed at source-end networks that autonomously detects and stops attacks originating from these networks. Attacks are detected by the constant monitoring of two-way traffic flows between the network and the rest of the Internet and periodic comparison with normal flow models. Mismatching flows are rate-limited in proportion to their aggressiveness. D-WARD offers good service to legitimate traffic even during an attack, while effectively reducing DDoS traffic to a negligible level. A prototype of the system has been built in a Linux router. We show its effectiveness in various attack scenarios, discuss motivations for deployment, and describe associated costs.

Cited By

View all

Nagesh K. Sumathy R. Devakumar P. Sathiyamurthy K. (2017)A Survey on Denial of Service Attacks and PreclusionsInternational Journal of Information Security and Privacy10.4018/IJISP.201710010111:4(1-15)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.4018/IJISP.2017100101
Stewart CVasu AKeller EAhn GGu GHu HShin S(2017)CommunityGuardProceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization10.1145/3040992.3040997(1-6)Online publication date: 24-Mar-2017
https://dl.acm.org/doi/10.1145/3040992.3040997
Gupta BBadve O(2017)Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environmentNeural Computing and Applications10.1007/s00521-016-2317-528:12(3655-3682)Online publication date: 1-Dec-2017
https://dl.acm.org/doi/10.1007/s00521-016-2317-5
Show More Cited By

Index Terms

Attacking DDoS at the Source
1. Security and privacy

Index terms have been assigned to the content through auto-classification.

Recommendations

DDoS attacks and defense mechanisms: classification and state-of-the-art

Denial of Service (DoS) attacks constitute one of the major threats and among the hardest security problems in today's Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With ...
Source-End DDoS Defense in IoT Environments
IoTS&P '17: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy

While the Internet of Things (IoT) becomes increasingly popular and pervasive in everyday objects, IoT devices often remain unprotected and can be exploited to launch large-scale distributed denial-of-service (DDoS) attacks. One could attempt to employ ...
DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICNP '02: Proceedings of the 10th IEEE International Conference on Network Protocols

November 2002

339 pages

ISBN:0769518567

Publisher

IEEE Computer Society

United States

Publication History

Published: 12 November 2002

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

71
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Nagesh K. Sumathy R. Devakumar P. Sathiyamurthy K. (2017)A Survey on Denial of Service Attacks and PreclusionsInternational Journal of Information Security and Privacy10.4018/IJISP.201710010111:4(1-15)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.4018/IJISP.2017100101
Stewart CVasu AKeller EAhn GGu GHu HShin S(2017)CommunityGuardProceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization10.1145/3040992.3040997(1-6)Online publication date: 24-Mar-2017
https://dl.acm.org/doi/10.1145/3040992.3040997
Gupta BBadve O(2017)Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environmentNeural Computing and Applications10.1007/s00521-016-2317-528:12(3655-3682)Online publication date: 1-Dec-2017
https://dl.acm.org/doi/10.1007/s00521-016-2317-5
Nagesh KSumathy RDevakumar PSathiyamurthy KAkila VSivakumar NSaruladha KZayaraz GIlavarasan E(2016)A Survey on Denial of Service Attacks and PreclusionsProceedings of the International Conference on Informatics and Analytics10.1145/2980258.2982110(1-10)Online publication date: 25-Aug-2016
https://dl.acm.org/doi/10.1145/2980258.2982110
Olivo ODillig ILin CRay ILi NKruegel C(2015)Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web ApplicationsProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security10.1145/2810103.2813680(616-628)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2810103.2813680
Jog MNatu MShelke SDas SKrishnaswamy DKarkar SKorman AKumar MPortmann MSastry S(2015)Distributed and Predictive-Preventive Defense Against DDoS AttacksProceedings of the 16th International Conference on Distributed Computing and Networking10.1145/2684464.2684503(1-4)Online publication date: 4-Jan-2015
https://dl.acm.org/doi/10.1145/2684464.2684503
Hoque NBhattacharyya DKalita J(2015)Botnet in DDoS Attacks: Trends and ChallengesIEEE Communications Surveys & Tutorials10.1109/COMST.2015.245749117:4(2242-2270)Online publication date: 18-Nov-2015
https://dl.acm.org/doi/10.1109/COMST.2015.2457491
Shameli-Sendi APourzandi MFekih-Ahmed MCheriet M(2015)Taxonomy of Distributed Denial of Service mitigation approaches for cloud computingJournal of Network and Computer Applications10.1016/j.jnca.2015.09.00558:C(165-179)Online publication date: 1-Dec-2015
https://dl.acm.org/doi/10.1016/j.jnca.2015.09.005
Malialis KKudenko D(2015)Distributed response to network intrusions using multiagent reinforcement learningEngineering Applications of Artificial Intelligence10.1016/j.engappai.2015.01.01341:C(270-284)Online publication date: 1-May-2015
https://dl.acm.org/doi/10.1016/j.engappai.2015.01.013
Li QWei WTao MChen Q(2014)A DDOS defence scheme based on two-stage traffic flow controlInternational Journal of Communication Networks and Distributed Systems10.1504/IJCNDS.2014.06463813:3/4(290-300)Online publication date: 1-Sep-2014
https://dl.acm.org/doi/10.1504/IJCNDS.2014.064638
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

DDoS attacks and defense mechanisms: classification and state-of-the-art

Source-End DDoS Defense in IoT Environments

DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations