Skip to main content
SpringerLink
Log in
Book cover

International Conference on Future Generation Communication and Networking

FGCN 2009: Communication and Networking pp 301–307Cite as

Analysis of Priority Queue-Based Scheme to Alleviate Malicious Flows from Distributed DoS Attacks

  • Conference paper

  • 1196 Accesses

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 56))

Abstract

In this paper, we focus on defending the DDoS attacks since they have caused many famous websites enormous losses in recent years. We propose a Priority Queue-Based scheme to analyze the interval of arrival time of the incoming packet to distinguish malicious traffic from normal traffic and to take care of malicious attacks clogging the network. We use the network simulator, NS2, to evaluate the effectiveness of the proposed scheme. The proposed Priority Queue-based scheme not only effectively decreases the flows of malicious packets from DDoS attacks with various packet rates, but also provides smooth and constant flows for packets sent by normal users. Furthermore, our priority queue-based scheme performs much better than other schemes when the number of the DDoS nodes becomes large.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lin, C.-H., Liu, J.-C., Kuo, C.-T.: An Effective Priority Queue-based Scheme to Alleviate Malicious Packet Flows from Distributed DoS attacks. In: The 4th International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIHMSP-2008), pp. 1371–1374. IEEE Press, Harbin (2008)

    Chapter  Google Scholar 

  2. Lin, C.-H., Liu, J.-C., Kuo, C.-T., Chou, M.-C., Yang, T.-C.: Safeguard Intranet Using Embedded and Distributed Firewall System. In: 2008 Second International Conference on Future Generation Communication and Networking (FGCN 2008), pp. 489–492. IEEE Press, Los Alamitos (2008)

    Chapter  Google Scholar 

  3. Lin, C.-H., Jiang, F.-C., Lai, W.-S., Lee, W.-Y., Hsu, W.-C.: Counteract SYN Flooding Using Second Chance Packet Filtering. In: Third International Conference on Ubiquitous Information Management and Communication (ICUIMC 2009). ACM Press, Korea (2009)

    Google Scholar 

  4. Goldstein, M., Lampert, C., Reif, M., Stahl., A., Breuel, T.: Bayes Optimal DDoS Mitigation by Adaptive History-Based IP Filtering. In: Seventh International Conference on Networking, pp. 174–179 (2008)

    Google Scholar 

  5. Malliga, S., Tamilarasi, A., Janani, M.: Filtering spoofed traffic at source end for defending against DoS / DDoS attacks. In: 2008 International Conference on Computing Communication and Networking, pp. 1–5 (2008)

    Google Scholar 

  6. Lin, C.-H., Liu, J.-C., Lien, C.-C.: Detection Method Based on Reverse Proxy Against Web Flooding Attacks. In: 8th International Conference on Intelligent Systems Design and Applications (ISDA-2008), Kaohsiung City, Taiwan, pp. 281–284 (2008)

    Google Scholar 

  7. Wang, B.-T., Schulzrinne, H.: An IP traceback mechanism for reflective DoS attacks. In: Proc. of IEEE Electrical and Computer Engineering 2004 (May 2004)

    Google Scholar 

  8. Song, M., Xu, J.: IP Traceback-Based Intelligent Packet Filtering: A Novel Technique for Defending against Internet DoS Attacks. In: Proc. of 10th IEEE Int’l Conf. Network Protocols (ICNP 2002) (November 2002)

    Google Scholar 

  9. Park, K., Lee, H.: On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attacks. In: Proc. of IEEE INFOCOM 2001 (March 2001)

    Google Scholar 

  10. Su, W.-T., Lin, T.-C., Wu, C.-Y., Hsu, J.-P., Kuo, Y.-H.: An On-line DDoS Attack Traceback and Mitigation System Based on Network Performance Monitoring. In: 10th International Conference on Advanced Communication Technology, vol. 2, pp. 1467–1472 (2008)

    Google Scholar 

  11. Qu, Z.-Y., Huang, C.-F., Liu, N.-N.: A Novel Two-Step Traceback Scheme for DDoS Attacks. In: Second International Symposium on Intelligent Information Technology Application, vol. 1, pp. 879–883 (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Tunghai University, Taichung, 40704, Taiwan

    Chu-Hsing Lin, Jung-Chun Liu, Chien-Ting Kuo & Chi Lo

Authors
  1. Chu-Hsing Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jung-Chun Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chien-Ting Kuo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chi Lo
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Warsaw & Infobright Inc., Poland

    Dominik Ślęzak

  2. Hannam University, 306-791, Daejeon, South Korea

    Tai-hoon Kim

  3. National Chung Cheng University, Chiayi County, Taiwan

    Alan Chin-Chen Chang

  4. University of Western Macedonia, West Macedonia, Greece

    Thanos Vasilakos

  5. Tianjin University, China

    MingChu Li

  6. Faculty of Information Science and Electrical Engineering, Kyushu University, 6-10-1 Hakozaki, 812-8581, Fukuoka, Japan

    Kouichi Sakurai

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lin, CH., Liu, JC., Kuo, CT., Lo, C. (2009). Analysis of Priority Queue-Based Scheme to Alleviate Malicious Flows from Distributed DoS Attacks. In: Ślęzak, D., Kim, Th., Chang, A.CC., Vasilakos, T., Li, M., Sakurai, K. (eds) Communication and Networking. FGCN 2009. Communications in Computer and Information Science, vol 56. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10844-0_36

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10844-0_36

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10843-3

  • Online ISBN: 978-3-642-10844-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation