Article

TDFA: Traceback-Based Defense against DDoS Flooding Attacks

Authors:

A. Nur Zincir-HeywoodAuthors Info & Claims

AINA '14: Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications

Pages 597 - 604

https://doi.org/10.1109/AINA.2014.73

Published: 13 May 2014 Publication History

Abstract

Distributed Denial of Service (DDoS) attacks are one of the challenging network security problems to address. The existing defense mechanisms against DDoS attacks usually filter the attack traffic at the victim side. The problem is exacerbated when there are spoofed IP addresses in the attack packets. In this case, even if the attacking traffic can be filtered by the victim, the attacker may reach the goal of blocking the access to the victim by consuming the computing resources or by consuming a big portion of the bandwidth to the victim. This paper proposes a Trace back-based Defense against DDoS Flooding Attacks (TDFA) approach to counter this problem. TDFA consists of three main components: Detection, Trace back, and Traffic Control. In this approach, the goal is to place the packet filtering as close to the attack source as possible. In doing so, the traffic control component at the victim side aims to set up a limit on the packet forwarding rate to the victim. This mechanism effectively reduces the rate of forwarding the attack packets and therefore improves the throughput of the legitimate traffic. Our results based on real world data sets show that TDFA is effective to reduce the attack traffic and to defend the quality of service for the legitimate traffic.

Cited By

View all

Kahani NFallah M(2018)A Reactive Defense Against Bandwidth Attacks Using Learning AutomataProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3230844(1-6)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3230844
Nur ATozal M(2018)Record route IP tracebackComputers and Security10.1016/j.cose.2017.08.01272:C(13-25)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1016/j.cose.2017.08.012
Patil RDevane SShekhawat RGaur MElci AVaidya JMakarevich OPoet ROrgun MDhaka VBohra MSingh VBabenko LSheykhkanloo NRahnama B(2017)Unmasking of source identity, a step beyond in cyber forensicProceedings of the 10th International Conference on Security of Information and Networks10.1145/3136825.3136870(157-164)Online publication date: 13-Oct-2017
https://dl.acm.org/doi/10.1145/3136825.3136870
Show More Cited By

Recommendations

D-ward: source-end defense against distributed denial-of-service attacks
A framework to mitigate ARP sniffing attacks by cache poisoning

Today in the digital era of computing, most of the network attacks are caused by sniffing the sensitive data over the network. Among various types of sniffing attacks, ARP sniffing causes most of the LAN attacks wired and wireless LAN coexist. ARP ...
Detecting Insider Theft of Trade Secrets

Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

AINA '14: Proceedings of the 2014 IEEE 28th International Conference on Advanced Information Networking and Applications

May 2014

1166 pages

ISBN:9781479936304

Publisher

IEEE Computer Society

United States

Publication History

Published: 13 May 2014

Author Tag

Packet Filtering, Traffic Control, IP Traceback, DDoS Attack, Deterministic Flow Marking

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Kahani NFallah M(2018)A Reactive Defense Against Bandwidth Attacks Using Learning AutomataProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3230844(1-6)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3230844
Nur ATozal M(2018)Record route IP tracebackComputers and Security10.1016/j.cose.2017.08.01272:C(13-25)Online publication date: 1-Jan-2018
https://dl.acm.org/doi/10.1016/j.cose.2017.08.012
Patil RDevane SShekhawat RGaur MElci AVaidya JMakarevich OPoet ROrgun MDhaka VBohra MSingh VBabenko LSheykhkanloo NRahnama B(2017)Unmasking of source identity, a step beyond in cyber forensicProceedings of the 10th International Conference on Security of Information and Networks10.1145/3136825.3136870(157-164)Online publication date: 13-Oct-2017
https://dl.acm.org/doi/10.1145/3136825.3136870
Al-Qudah ZJohnson ERabinovich MSpatscheck O(2016)Internet with transient destination-controlled addressingIEEE/ACM Transactions on Networking10.1109/TNET.2014.238211024:2(731-744)Online publication date: 1-Apr-2016
https://dl.acm.org/doi/10.1109/TNET.2014.2382110
Fachkha CBou-Harb EDebbabi M(2015)Inferring distributed reflection denial of service attacks from darknetComputer Communications10.1016/j.comcom.2015.01.01662:C(59-71)Online publication date: 15-May-2015
https://dl.acm.org/doi/10.1016/j.comcom.2015.01.016

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

D-ward: source-end defense against distributed denial-of-service attacks

A framework to mitigate ARP sniffing attacks by cache poisoning

Detecting Insider Theft of Trade Secrets

Comments

Information

Published In

Publisher

Publication History

Author Tag

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations