RCS: A distributed mechanism against link flooding DDoS attacks

被引:0
|
作者
Cui, Yong [1 ]
Song, Lingjian [1 ]
Xu, Ke [1 ]
机构
[1] Tsinghua Univ, Dept Comp Sci & Technol, Beijing 100084, Peoples R China
来源
INFORMATION NETWORKING: ADVANCES IN DATA COMMUNICATIONS AND WIRELESS NETWORKS | 2006年 / 3961卷
关键词
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
DoS/DDoS attacks especially the Link Flooding have exerted severe threat on Internet. In this paper we propose a novel mechanism called Rate Control System (RCS) against Link Flooding based on the correlation analysis of upper link flows. According to the feature of aggregate in DDoS attack, RCS takes DDoS attack problem as a way of flow control to simplify the situation and deploys the flow controller at the routers near the victims. As the key point of our mechanism, an algorithm is designed to differentiate the malicious packets and the normal ones and we classify the packets according to TCP flags in order to tell different flows apart. In addition we detect the malicious aggregate using correlation analysis to make clear the type and the location of the attack. Simulation results demonstrate the performance for detecting the Link Flooding DDoS attacks.
引用
收藏
页码:764 / +
页数:3
相关论文
共 50 条
  • [21] Joint application and network defense against DDoS flooding attacks in the future Internet
    Karrer, Roger P.
    Kuehn, Ulrich
    Huehn, Thomas
    FGCN: PROCEEDINGS OF THE 2008 SECOND INTERNATIONAL CONFERENCE ON FUTURE GENERATION COMMUNICATION AND NETWORKING, VOLS 1 AND 2, 2008, : 9 - +
  • [22] Mitigating DDoS Flooding Attacks against IoT using Custom Hardware Modules
    Brasilino, Lucas R. B.
    Swany, Martin
    2019 SIXTH INTERNATIONAL CONFERENCE ON INTERNET OF THINGS: SYSTEMS, MANAGEMENT AND SECURITY (IOTSMS), 2019, : 58 - 64
  • [23] Monitoring the macroscopic effect of DDoS flooding attacks
    Yuan, JA
    Mills, K
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2005, 2 (04) : 324 - 335
  • [24] Detecting flooding-based DDoS attacks
    You, Yonghua
    Zulkernine, Mohammad
    Haque, Anwar
    2007 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-14, 2007, : 1229 - +
  • [25] A path identification mechanism for effective filtering against DDoS attacks
    Ahn, Y
    Wee, K
    Hong, M
    8TH WORLD MULTI-CONFERENCE ON SYSTEMICS, CYBERNETICS AND INFORMATICS, VOL III, PROCEEDINGS: COMMUNICATION AND NETWORK SYSTEMS, TECHNOLOGIES AND APPLICATIONS, 2004, : 325 - 330
  • [26] MSOM: Efficient Mechanism for Defense against DDoS Attacks in VANET
    Al-Mehdhara, Mohammed
    Ruan, Na
    WIRELESS COMMUNICATIONS & MOBILE COMPUTING, 2021, 2021
  • [27] A dynamic path identification mechanism to defend against DDoS attacks
    Lee, G
    Lim, H
    Hong, M
    Lee, DH
    INFORMATION NETWORKING: CONVERGENCE IN BROADBAND AND MOBILE NETWORKING, 2005, 3391 : 806 - 813
  • [28] A Pi2HC Mechanism against DDoS Attacks
    Jin, Guang
    Li, Yuan
    Zhang, Huizhan
    Qian, Jiangbo
    2008 THIRD INTERNATIONAL CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA, VOLS 1-3, 2008, : 215 - 219
  • [29] Pi: A path identification mechanism to defend against DDoS attacks
    Yaar, A
    Perrig, A
    Song, D
    2003 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2003, : 93 - 107
  • [30] Distributed Intrusion Detection using Mobile Agents against DDoS Attacks
    Akyazi, Ugur
    Uyar, A. Sima Etaner
    23RD INTERNATIONAL SYMPOSIUM ON COMPUTER AND INFORMATION SCIENCES, 2008, : 346 - +
12345