An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently

Journal of Parallel and Distributed Computing

Volumn 68, Issue 4, 2008, Pages 456-470

  Xiao, Bin ^a   Chen, Wei ^b   He, Yanxiang ^c  

^a HONG KONG POLYTECHNIC UNIVERSITY   (Hong Kong)

^b NANJING UNIVERSITY OF POSTS AND TELECOMMUNICATIONS   (China)

^c WUHAN UNIVERSITY   (China)

Author keywords

DDoS attacks; Early detection; Rate limit counteraction; SYN flooding; TTL

Indexed keywords

COMPUTER SIMULATION; INTERNET PROTOCOLS; SERVERS; TELECOMMUNICATION TRAFFIC; USER INTERFACES;

DDOS ATTACKS; RATE LIMIT COUNTERACTION; SYN FLOODING;

SECURITY SYSTEMS;

EID: 39749130411     PISSN: 07437315     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jpdc.2007.06.013     Document Type: Article

References (27)

1. S.M. Bellovin, ICMP traceback messages, Technical Report March 2000.
2. Branigan S., Burch H., Cheswick B., and Wojcik F. What can you do with Traceroute?. IEEE Internet Comput. 5 5 (2001) 96
3. Chang R.K. Defending against flooding-based Distributed Denial-of-Service attacks: a tutorial. IEEE Commun. Mag. 40 10 (2002) 42-51
4. C.-M. Cheng, H. Kung, K.-S. Tan, Use of spectral analysis in defense against DoS attacks, in: Proceedings of IEEE GLOBECOM 2002, Taibei, China, vol. 3, 2002, pp. 2143- 2148.
5. Dean D., Franklin M., and Stubblefield A. An algebraic approach to IP traceback. ACM Trans. Inform. System Security 5 2 (2002) 119-137
6. P. Ferguson, D. Senie, Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing, RFC2827, 2000 URL: 〈http://www.ietf.org/rfc/rfc2827.txt〉.
7. J. Ioannidis, S.M. Bellovin, Implementing pushback: router-based defense against DDoS attacks, in: Proceedings of Network and Distributed System Security Symposium, San Diego, California, The Internet Society, 2002.
8. C. Jin, H.N. Wang, K.G. Shin, Hop-count filtering: an effective defense against spoofed DDoS traffic, in: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS), ACM Press, New York, 2003, pp. 30-41.
9. M. Kalantari, K. Gallicchio, M. Shayman, Using transient behavior of tcp in mitigation of distributed denial of service attacks, in: Proceedings of the 41st IEEE Conference on Decision and Control 2002, vol. 2, 2002, pp. 1422-1427.
10. Keromytis A., Misra V., and Rubenstein D. SOS: an architecture for mitigating DDoS attacks. IEEE J. Sel. Areas Commun. 22 (2004) 176-188
11. J. Lemon, Resisting SYN flood DoS attacks with a SYN cache, in: Proceedings of the BSDCon Conference, 2002, pp. 89-97.
12. J. Mirkovic, G. Prier, P. Reiher, Attacking DDoS at the source, in: Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP2002), Paris, France, IEEE Computer Society, 2002, pp. 312-321.
13. D. Moore, G. Voelker, S. Savage, Inferring Internet denial-of-service activity, in: Proceedings of the 10th USENIX Security Symposium, 2001, pp. 9-22.
14. Network simulator NS2 〈http://www.isi.edu/nsnam/ns/〉.
15. K. Park, H. Lee, On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, in: Proceedings of the IEEE INFOCOM, 2001, pp. 338-347.
16. Paxson V. End-to-end routing behavior in the Internet. IEEE/ACM Trans. Networking 5 5 (1997) 601-615
17. T. Peng, C. Leckie, R. Kotagiri, Protection from distributed denial of service attack using history-based IP filtering, in: Proceedings of the IEEE International Conference on Communications, Anchorage, Alaska, USA, vol. 1, 2003, pp. 482-486.
18. J. Postel, Transmission control protocol: DARPA internet program protocol specification, RFC 793, September 1981.
19. S. Savage, D. Wetherall, A. Karlin, T. Anderson, Practical network support for IP traceback, in: Proceedings of the ACM SIGCOMM Conference, ACM Press, New York, 2000, pp. 295-306.
20. C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford, A. Sundaram, D. Zamboni, Analysis of a denial of service attack on TCP, in: Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society, IEEE Computer Society Press, Silver Spring, MD, 1997, pp. 208-223.
21. A.C. Snoeren, Hash-based IP traceback, in: Proceedings of the ACM SIGCOMM Conference, ACM Press, New York, 2001, pp. 3-14.
22. D.X. Song, A. Perrig, Advanced and authenticated marking schemes for IP traceback, in: Proceedings of the IEEE INFOCOM, 2001, pp. 878-886.
23. Sung M., and Xu J. IP traceback-based intelligent packet filtering: a novel technique for defending against internet DDoS attacks. IEEE Trans. Parallel Distrib. Systems 14 9 (2003) 861-872
24. U. Tupakula, V. Varadharajan, Counteracting DDoS attacks in multiple ISP domains using routing arbiter architecture, in: Proceedings of the 11th IEEE International Conference on Networks(ICON2003), 2003, pp. 455-460.
25. Wang H., and Shin K. Transport-aware IP routers: a built-in protection mechanism to counter DDoS attacks. IEEE Trans. Parallel Distrib. Systems 14 (2003) 873-884
26. H. Wang, D. Zhang, K.G. Shin, Detecting SYN flooding attacks, in: Proceedings of IEEE INFOCOM, vol. 3, 2002, pp. 1530-1539.
27. A. Yaar, A. Perrig, D. Song, SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks, in: Proceedings of the IEEE Symposium on Security and Privacy, IEEE Computer Society, IEEE Computer Society Press, Silver Spring, MD, 2004, pp. 130-143.