Publication | Closed Access
Protection from distributed denial of service attacks using history-based IP filtering
237
Citations
14
References
2004
Year
Unknown Venue
Hardware SecurityDdos DetectionEngineeringService AttacksDistributed DenialPractical SchemeInformation SecurityInternet Traffic AnalysisDenial-of-service AttackIntrusion ToleranceDenial-of-service AttacksFirewall (Computing)Botnet DetectionEdge RouterNetwork Traffic MeasurementHistory-based Ip FilteringData Security
The paper proposes a practical IP‑address filtering scheme to defend against distributed denial‑of‑service attacks. The method uses an edge router that maintains a history of legitimate IP addresses and, when overloaded, consults this history—enhanced by heuristic updates—to decide packet admission. Experiments show the scheme effectively mitigates highly distributed DDoS attacks, outperforming other proposals.
In this paper, we introduce a practical scheme to defend against distributed denial of service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, this history is used to decide whether to admit an incoming Ip packet. Unlike other proposals to defend against DDoS attacks, our scheme works well during highly-distributed DDoS attacks, i.e., from a large number of sources. We present several heuristic methods to make the IP address database accurate and robust, and we present experimental results that demonstrate the effectiveness of our scheme in defending against highly-distributed DDoS attacks.
| Year | Citations | |
|---|---|---|
Page 1
Page 1