Document Type
Article
Date
2007
Keywords
Distributed denial of service, Network security, Stateful attacks
Language
English
Disciplines
Computer Sciences
Description/Abstract
The goal of a DDoS (distributed denial of service) attack is to completely tie up certain resources so that legitimate users are not able to access a service. DDoS has long been an open security problem of the Internet. In this paper, we identify a class of stateful DDoS attacks that defeat the existing cookie-based solutions. To counter these attacks, we propose a new defense mechanism, called targeted filtering, which establishes filters at a firewall and automatically converges the filters to the flooding sources while leaving the rest of the Internet unblocked. We prove the correctness of the proposed defense mechanism, evaluate its efficiency by analysis and simulations, and establish its worst-case performance bounds in response to stateful DDoS attacks. We have also implemented a Linux-based prototype with experimental results that demonstrate the effectiveness of targeted filtering.
Recommended Citation
Chen, Shigang; Tang, Yong; and Du, Wenliang, "Stateful DDoS attacks and targeted filtering" (2007). Electrical Engineering and Computer Science - All Scholarship. 131.
https://surface.syr.edu/eecs/131