Abstract
Distributed denial of service attack is a major threat to the availability of internet services and resources. The current internet infrastructure is vulnerable to DDoS attacks and has no built in mechanism to defend against them. The main task of the defense system is to accurately detect and respond against DDoS attacks. A variety of DDoS defense solutions are available but having difficulties to choose among them. There are different places in the internet, where a defense system can be deployed. The various points in the internet where defense systems can be deployed are identified and discussed here. A comparative analysis of different defense schemes corresponding to deployment points are also carried out. The main aim of this review paper is to provide an individual or academia to insight into various possible deployments locations suitable for DDoS defense system. It helps them to choose an appropriate defense method and suitable deployment location.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Karig, D., Lee, R.: Remote Denial of Service Attacks and Countermeasures. Technical Report CEL2001-002, Department of Electrical Engineering, Princeton University (2001)
Yahoo on Trail of Site Hackers, http://www.wired.com/techbiz/media/news/2000/02/34221
Spam block lists bombed to oblivion, http://www.msnbc.msn.com/id/3088113
Sachdeva, M., Singh, G., Kumar, K.: A Comprehensive Survey of Distributed Defense Techniques Against DDoS Attacks. International Journal of Computer Science and Network Security 9(12) (2009)
Canonico, R., Cotroneo, D., Peluso, L., Romano, S., Ventre, G.: Programming Routers to Improve Network Security. In: Proc. of the OPENSIG 2001 Workshop, Next Generation Network Programming (2001)
Mirkovic, J., Reiher, P.: A Taxonomy of DDoS attack and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communications Review 34(2), 39–53 (2004)
Defenses against distributed denial of service attacks, http://www.garykessler.net/library/ddos.html
Lin, S., Chieuh, T.: A Survey on Solutions to Distributed Denial of Service Attacks. RPE Technical Report (September 2006)
Chen, L., Longstaff, T., Carley, K.: Characterization of Defense Mechanisms Against Distributed Denial of Service Attacks. Computers & Security, 665–678 (2004)
Abliz, M.: Internet denial of service attacks and defense mechanisms. University of Pittsburgh Technical Report, No. TR-11-178 (2011)
Sachdeva, M., Singh, G., Kumar, K.: Deployment of Distributed Defense Against DDoS attacks in ISP domain. International Journal of Computer Applications 15(2) (2011)
Fadlallah, A., Serhrouchni, A.: Denial of service attacks and defense schemes analysis and taxonomy. In: 3rd International Conference: Sciences of Electronics Technologies of Information and Telecomm., TUNISIA (March 2005)
Mirkovic, J., Dietrich, S., Dittrich, D.: Internet Denial of Service: Attack and Defense Mechanisms. Prentice Hall (December 2004)
Mirkovic, J., Prier, G., Reiher, P.: Source-end DDoS Defense. In: Proceedings of Network Computing and Applications Symposium NCA (2003)
Cert advisory ca-2000-01 Denial-of-Service Developments, http://www.cert.org/advisories/CA-2000-01.html
Sung, M., Xu, J.: IP Traceback-Based Intelligent Packet Filtering: A Novel Technique for Detecting Against Internet DDoS Attacks. In: Proc. of 10th IEEE International Conference on Network Protocols (2002)
Chen, S., Song, Q.: Perimeter-Based Defense against High Bandwidth DDoS Attacks. IEEE Transactions on Parallel and Distributed Systems 16(6) (2005)
Chen, Y., Hwang, K., Ku, W.: Collaborative Detection of DDoS Attacks over Multiple Network Domains. IEEE Transactions on Parallel and Distributed Systems 18(12) (2007)
Tupakula, U., Varadharajan, V.: A Controller Agent Model to Counteract DoS Attacks in Multiple Domains. In: Proc. of Integrated Network Management, IFIP/IEEE 8th International Symposium (2003)
Mahajan, R., Bellovin, S., Floyd, S., Ioannidis, J., Paxson, V., Shenker, S.: Controlling High Bandwidth Aggregates in the Network. ACM Computer Communications Review 32(3) (2002)
Ioannidis, J., Bellovin, S.: Pushback: Router-Based Defense against DDoS Attacks. In: Proc. of NDSS (February 2002)
Mirkovic, J., Robinson, M., Reiher, P., Oikonomou, G.: A Framework for Collaborative DDoS Defense. In: Proc. of the 22nd Annual Computer Security Applications Conference, Miami, Florida, USA, pp. 33–42 (December 2006)
Thomas, R., Mark, B., Johnson, T.: Net bouncer: Client-Legitimacy-Based High Performance DDoS Filtering. In: Proc. of the DARPA Information Survivability Conference and Exposition. IEEE (2003)
Xiang, Y., Zhou, W., Chowdhury, M.: A Survey of Active and Passive Defence Mechanisms against DDoS Attacks. Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia (March 2004)
Evans, J., Filsfils, C.: Deploying IP and MPLS QoS for multiservice networks. Theory and Practice. Morgan Kaufmann (2007)
Molsa, J.: Effectiveness of Rate-Limiting in Mitigating Flooding DoS Attacks. In: Proc. of the Third IASTED International Conference on Communications, Internet, and Information Technology, pp. 155–160 (2004)
Sterne, D., Djahandari, K., Wilson, B., Babson, B., Schnackenberg, D., Holliday, H., Reid, T.: Autonomic Response to Distributed Denial of Service Attacks. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, p. 134. Springer, Heidelberg (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Singh, K., Kaur, N., Nehra, D. (2013). A Comparative Analysis of Various Deployment Based DDoS Defense Schemes. In: Singh, K., Awasthi, A.K. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Networks. QShine 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37949-9_53
Download citation
DOI: https://doi.org/10.1007/978-3-642-37949-9_53
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37948-2
Online ISBN: 978-3-642-37949-9
eBook Packages: Computer ScienceComputer Science (R0)