Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 5787)

Abstract

We propose a two-stage Distributed Denial of Service (DDoS) defense system, which can protect a given subnet by serving existing flows and new flows with a different priority based on IP history information. Denial of Service (DoS) usually occurs when the resource of a network node or link is limited and the demand of the users for that resource exceeds the capacity. The objective of the proposed defense system is to provide continued service to existing flows even in the presence of DDoS attacks, and we attempt to achieve this goal by discriminating existing flows from new flows. The proposed scheme can protect existing connections effectively with a reduced memory size by reducing the monitored IP address set through sampling in the first stage and using Bloom filters. We evaluate the performance of the proposed scheme through simulation.

This work was supported by the IT R&D program of MKE/KEIT. [2009-S-038-01, The Development of Anti-DDoS Technology].
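
A simplified sketch of the idea in the abstract, added here as an example and not the authors' algorithm: source addresses sampled during normal operation are stored in a Bloom filter, and during overload packets from remembered sources are prioritised over packets from new sources. The every-Nth-packet sampler, the filter size and hash count, and the names `HistoryFilter`, `learn` and `priority` are assumptions made for illustration.

```python
import hashlib
import ipaddress

class BloomFilter:
    """Fixed-size bit array: lookups can give false positives, never false negatives."""
    def __init__(self, m_bits, k_hashes):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, key):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(key).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key):
        for p in self._positions(key):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, key):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(key))

class HistoryFilter:
    """Assumed design: stage 1 samples every Nth packet, stage 2 remembers sampled sources."""
    def __init__(self, sample_every=10, m_bits=8192, k_hashes=4):
        self.sample_every = sample_every
        self.seen = 0
        self.history = BloomFilter(m_bits, k_hashes)

    def learn(self, src_ip):
        # Stage 1: only sampled packets reach the history, shrinking the monitored set.
        self.seen += 1
        if self.seen % self.sample_every == 0:
            self.history.add(ipaddress.ip_address(src_ip).packed)

    def priority(self, src_ip):
        # Stage 2: sources found in the history are served first under load.
        return "high" if ipaddress.ip_address(src_ip).packed in self.history else "low"

def demo():
    f = HistoryFilter()
    # Constructed normal traffic: one long-lived client, then one single-packet client.
    for _ in range(100):
        f.learn("192.0.2.10")
    f.learn("192.0.2.77")  # packet 101 is not sampled, so this client is forgotten
    # Constructed flood from sources never seen before.
    flood = [f"198.51.100.{i}" for i in range(1, 255)]
    return f.priority("192.0.2.10"), f.priority("192.0.2.77"), {f.priority(ip) for ip in flood}
```

The history occupies 1 KiB regardless of how many addresses are inserted; the cost is that a short legitimate flow missed by sampling is treated like a new source.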




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nam, S.Y., Lee, T. (2009). Memory-Efficient IP Filtering for Countering DDoS Attacks. In: Hong, C.S., Tonouchi, T., Ma, Y., Chao, CS. (eds) Management Enabling the Future Internet for Changing Business and New Computing Services. APNOMS 2009. Lecture Notes in Computer Science, vol 5787. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04492-2_31

  • DOI: https://doi.org/10.1007/978-3-642-04492-2_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04491-5

  • Online ISBN: 978-3-642-04492-2

  • eBook Packages: Computer Science, Computer Science (R0)
