Abstract
In this paper, we focus on defending the DDoS attacks since they have caused many famous websites enormous losses in recent years. We propose a Priority Queue-Based scheme to analyze the interval of arrival time of the incoming packet to distinguish malicious traffic from normal traffic and to take care of malicious attacks clogging the network. We use the network simulator, NS2, to evaluate the effectiveness of the proposed scheme. The proposed Priority Queue-based scheme not only effectively decreases the flows of malicious packets from DDoS attacks with various packet rates, but also provides smooth and constant flows for packets sent by normal users. Furthermore, our priority queue-based scheme performs much better than other schemes when the number of the DDoS nodes becomes large.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Lin, C.-H., Liu, J.-C., Kuo, C.-T.: An Effective Priority Queue-based Scheme to Alleviate Malicious Packet Flows from Distributed DoS attacks. In: The 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP-2008), pp. 1371–1374. IEEE Press, Harbin (2008)
Lin, C.-H., Liu, J.-C., Kuo, C.-T., Chou, M.-C., Yang, T.-C.: Safeguard Intranet Using Embedded and Distributed Firewall System. In: 2008 Second International Conference on Future Generation Communication and Networking (FGCN 2008), pp. 489–492. IEEE Press, Los Alamitos (2008)
Lin, C.-H., Jiang, F.-C., Lai, W.-S., Lee, W.-Y., Hsu, W.-C.: Counteract SYN Flooding Using Second Chance Packet Filtering. In: Third International Conference on Ubiquitous Information Management and Communication (ICUIMC 2009). ACM Press, Korea (2009)
Goldstein, M., Lampert, C., Reif, M., Stahl., A., Breuel, T.: Bayes Optimal DDoS Mitigation by Adaptive History-Based IP Filtering. In: Seventh International Conference on Networking, pp. 174–179 (2008)
Malliga, S., Tamilarasi, A., Janani, M.: Filtering spoofed traffic at source end for defending against DoS / DDoS attacks. In: 2008 International Conference on Computing Communication and Networking, pp. 1–5 (2008)
Lin, C.-H., Liu, J.-C., Lien, C.-C.: Detection Method Based on Reverse Proxy Against Web Flooding Attacks. In: 8th International Conference on Intelligent Systems Design and Applications (ISDA-2008), Kaohsiung City, Taiwan, pp. 281–284 (2008)
Wang, B.-T., Schulzrinne, H.: An IP traceback mechanism for reflective DoS attacks. In: Proc. of IEEE Electrical and Computer Engineering 2004 (May 2004)
Song, M., Xu, J.: IP Traceback-Based Intelligent Packet Filtering: A Novel Technique for Defending against Internet DoS Attacks. In: Proc. of 10th IEEE Int’l Conf. Network Protocols (ICNP 2002) (November 2002)
Park, K., Lee, H.: On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attacks. In: Proc. of IEEE INFOCOM 2001 (March 2001)
Su, W.-T., Lin, T.-C., Wu, C.-Y., Hsu, J.-P., Kuo, Y.-H.: An On-line DDoS Attack Traceback and Mitigation System Based on Network Performance Monitoring. In: 10th International Conference on Advanced Communication Technology, vol. 2, pp. 1467–1472 (2008)
Qu, Z.-Y., Huang, C.-F., Liu, N.-N.: A Novel Two-Step Traceback Scheme for DDoS Attacks. In: Second International Symposium on Intelligent Information Technology Application, vol. 1, pp. 879–883 (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lin, CH., Liu, JC., Kuo, CT., Lo, C. (2009). Analysis of Priority Queue-Based Scheme to Alleviate Malicious Flows from Distributed DoS Attacks. In: Ślęzak, D., Kim, Th., Chang, A.CC., Vasilakos, T., Li, M., Sakurai, K. (eds) Communication and Networking. FGCN 2009. Communications in Computer and Information Science, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10844-0_36
Download citation
DOI: https://doi.org/10.1007/978-3-642-10844-0_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10843-3
Online ISBN: 978-3-642-10844-0
eBook Packages: Computer ScienceComputer Science (R0)