A countermeasure against DDOS attacks using active networks technologies

A Distributed Denial of Service (DDOS) attack consumes the resources of a remote host or network by sending a massive amount of IP packets from many distributed hosts. It is a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers and ISPS. Since the attack is distributed and the attack tools evolve at a rapid and alarming rate, an effective solution must be formulated using a distributed and adaptive approach. In this paper we propose a countermeasure against DDOS attacks using a method we call Active Shaping. Our method employs the Active Networks technologies, which incorporates programmability into network nodes. The Active Networks technology enables us to deter congestion and bandwidth consumption of the backbone network caused by DDOS attacks, and to prevent our system from dropping packets of legitimate users mistakenly. This paper introduces the concept of our method, system design and evaluates the effectiveness of our method using a prototype..