DDoS defense deployment with Network Egress and Ingress Filtering

IEEE International Conference on Communications

Volumn , Issue , 2010, Pages

  Du, Ping ^a   Nakao, Akihiro ^b  

^a NATIONAL INSTITUTE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY   (Japan)

^b UNIVERSITY OF TOKYO   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

BLOOM FILTERS; DDOS ATTACK; DEFENSE ARCHITECTURE; EDGE ROUTERS; FAIR SHARE; IMPLEMENTATION COMPLEXITY; INGRESS FILTERING; LINK SPEED; PARTIAL DEPLOYMENT; PLANETLAB;

COMPUTER ARCHITECTURE; DATA STRUCTURES; INTERNET;

INTERNET SERVICE PROVIDERS;

EID: 77955376540     PISSN: 05361486     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICC.2010.5502654     Document Type: Conference Paper

References (22)

1. T. M. Gil and M. Poletter, "Multops: a data-structure for bandwidth attack detection," in USENIX Security, 2001.
2. J. Mirkovic, G. Prier, and P. Reiher, "Attacking ddos at the source," in ICNP, 2002.
3. P. DU and S. Abe, "Ip packet size entropy-based scheme for detection of dos/ddos attacks," IEICE Trans Inf. & Syst, vol. 5, pp. 1274-1281, 2008.
4. P. Du, M. Chen, and A. Nakao, "Pay-as-you-admit: A new charging model of cloud computing," in ICOIN, 2010.
5. P. Du and A. Nakao, "Routelite: One-hop path splicing with path migration," in IEEE First International Conference on Future Information Networks (ICFIN), 2009.
6. V. Paxson, "Bro: A system for detecting network intruders in real-time," in USENIX SECURITY, 1998.
7. M. Roesch, "Snort - lightweight intrusion detection for networks," in USENIX LISA, 1999.
8. P. Du and A. Nakao, "Ddos defense as a network service," in IEEE/IFIP NOMS, 2010.
9. P. Ferguson and D. Senie, "Network ingress filtering: Defeating denial of service attacks which employ ip source address spoofing," in IETF, RFC 2827, 1998.
10. "Spoofer project," http://spoofer.csail.mit.edu/.
11. C. Kreibich, A. Warfield, J. Crowcroft, S. Hand, and I. Pratt, "Using packet symmetry to curtail malicious traffic," in ACM HotNets, 2005.
12. R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling high bandwidth aggregates in the network," ACM SIGCOMM Computer Communication Review, vol. 32, pp. 62-73, 2002.
13. R. Mahajan, S. Floyd, and D. Wetherall, "Controlling high-bandwidth flows at the congested router," in IEEE ICNP, 2001.
14. "Worldwide infrastructure security report 2008," http://asert.arbornetworks.com/2008/11/2008-worldwide-infrastructure-se%curity- report/.
15. "Cisco netflow," http://www.cisco.com/web/go/netflow.
16. Arbor Network, "peakflow," http://arbornetworks.com.
17. E. Kohler, The Click modular router, Ph.D. thesis, MIT, 2000.
18. "Planetlab," http://www.planet-lab.org/.
19. "Netperf," http://www.netperf.org/.
20. D. Mosberger and T. Jin, "Httperf-a tool for measuring web server performance," ACM SIGMETRICS Performance Evaluation Review, vol. 26, pp. 31-37, 1998.
21. S. Kandula, D. Katabi, M. Jacob, and A. W. Berger, "Botz-4-sale: Surviving organized ddos attacks that mimic flash crowds," in USENIX NSDI, 2005.
22. J. Lemon, "Resisting syn fooding dos attacks with a syn cache," in USENIX BSDCon, 2002.