Skip to main content
SpringerLink
Log in

A Comparative Analysis of Various Deployment Based DDoS Defense Schemes

  • Conference paper
Quality, Reliability, Security and Robustness in Heterogeneous Networks (QShine 2013)

Abstract

Distributed denial of service attack is a major threat to the availability of internet services and resources. The current internet infrastructure is vulnerable to DDoS attacks and has no built in mechanism to defend against them. The main task of the defense system is to accurately detect and respond against DDoS attacks. A variety of DDoS defense solutions are available but having difficulties to choose among them. There are different places in the internet, where a defense system can be deployed. The various points in the internet where defense systems can be deployed are identified and discussed here. A comparative analysis of different defense schemes corresponding to deployment points are also carried out. The main aim of this review paper is to provide an individual or academia to insight into various possible deployments locations suitable for DDoS defense system. It helps them to choose an appropriate defense method and suitable deployment location.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Karig, D., Lee, R.: Remote Denial of Service Attacks and Countermeasures. Technical Report CEL2001-002, Department of Electrical Engineering, Princeton University (2001)

    Google Scholar 

  2. Yahoo on Trail of Site Hackers, http://www.wired.com/techbiz/media/news/2000/02/34221

  3. Spam block lists bombed to oblivion, http://www.msnbc.msn.com/id/3088113

  4. Sachdeva, M., Singh, G., Kumar, K.: A Comprehensive Survey of Distributed Defense Techniques Against DDoS Attacks. International Journal of Computer Science and Network Security 9(12) (2009)

    Google Scholar 

  5. Canonico, R., Cotroneo, D., Peluso, L., Romano, S., Ventre, G.: Programming Routers to Improve Network Security. In: Proc. of the OPENSIG 2001 Workshop, Next Generation Network Programming (2001)

    Google Scholar 

  6. Mirkovic, J., Reiher, P.: A Taxonomy of DDoS attack and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communications Review 34(2), 39–53 (2004)

    Article  Google Scholar 

  7. Defenses against distributed denial of service attacks, http://www.garykessler.net/library/ddos.html

  8. Lin, S., Chieuh, T.: A Survey on Solutions to Distributed Denial of Service Attacks. RPE Technical Report (September 2006)

    Google Scholar 

  9. Chen, L., Longstaff, T., Carley, K.: Characterization of Defense Mechanisms Against Distributed Denial of Service Attacks. Computers & Security, 665–678 (2004)

    Google Scholar 

  10. Abliz, M.: Internet denial of service attacks and defense mechanisms. University of Pittsburgh Technical Report, No. TR-11-178 (2011)

    Google Scholar 

  11. Sachdeva, M., Singh, G., Kumar, K.: Deployment of Distributed Defense Against DDoS attacks in ISP domain. International Journal of Computer Applications 15(2) (2011)

    Google Scholar 

  12. Fadlallah, A., Serhrouchni, A.: Denial of service attacks and defense schemes analysis and taxonomy. In: 3rd International Conference: Sciences of Electronics Technologies of Information and Telecomm., TUNISIA (March 2005)

    Google Scholar 

  13. Mirkovic, J., Dietrich, S., Dittrich, D.: Internet Denial of Service: Attack and Defense Mechanisms. Prentice Hall (December 2004)

    Google Scholar 

  14. Mirkovic, J., Prier, G., Reiher, P.: Source-end DDoS Defense. In: Proceedings of Network Computing and Applications Symposium NCA (2003)

    Google Scholar 

  15. Cert advisory ca-2000-01 Denial-of-Service Developments, http://www.cert.org/advisories/CA-2000-01.html

  16. Sung, M., Xu, J.: IP Traceback-Based Intelligent Packet Filtering: A Novel Technique for Detecting Against Internet DDoS Attacks. In: Proc. of 10th IEEE International Conference on Network Protocols (2002)

    Google Scholar 

  17. Chen, S., Song, Q.: Perimeter-Based Defense against High Bandwidth DDoS Attacks. IEEE Transactions on Parallel and Distributed Systems 16(6) (2005)

    Google Scholar 

  18. Chen, Y., Hwang, K., Ku, W.: Collaborative Detection of DDoS Attacks over Multiple Network Domains. IEEE Transactions on Parallel and Distributed Systems 18(12) (2007)

    Google Scholar 

  19. Tupakula, U., Varadharajan, V.: A Controller Agent Model to Counteract DoS Attacks in Multiple Domains. In: Proc. of Integrated Network Management, IFIP/IEEE 8th International Symposium (2003)

    Google Scholar 

  20. Mahajan, R., Bellovin, S., Floyd, S., Ioannidis, J., Paxson, V., Shenker, S.: Controlling High Bandwidth Aggregates in the Network. ACM Computer Communications Review 32(3) (2002)

    Google Scholar 

  21. Ioannidis, J., Bellovin, S.: Pushback: Router-Based Defense against DDoS Attacks. In: Proc. of NDSS (February 2002)

    Google Scholar 

  22. Mirkovic, J., Robinson, M., Reiher, P., Oikonomou, G.: A Framework for Collaborative DDoS Defense. In: Proc. of the 22nd Annual Computer Security Applications Conference, Miami, Florida, USA, pp. 33–42 (December 2006)

    Google Scholar 

  23. Thomas, R., Mark, B., Johnson, T.: Net bouncer: Client-Legitimacy-Based High Performance DDoS Filtering. In: Proc. of the DARPA Information Survivability Conference and Exposition. IEEE (2003)

    Google Scholar 

  24. Xiang, Y., Zhou, W., Chowdhury, M.: A Survey of Active and Passive Defence Mechanisms against DDoS Attacks. Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia (March 2004)

    Google Scholar 

  25. Evans, J., Filsfils, C.: Deploying IP and MPLS QoS for multiservice networks. Theory and Practice. Morgan Kaufmann (2007)

    Google Scholar 

  26. Molsa, J.: Effectiveness of Rate-Limiting in Mitigating Flooding DoS Attacks. In: Proc. of the Third IASTED International Conference on Communications, Internet, and Information Technology, pp. 155–160 (2004)

    Google Scholar 

  27. Sterne, D., Djahandari, K., Wilson, B., Babson, B., Schnackenberg, D., Holliday, H., Reid, T.: Autonomic Response to Distributed Denial of Service Attacks. In: Lee, W., Mé, L., Wespi, A. (eds.) RAID 2001. LNCS, vol. 2212, p. 134. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Seth Jai Parkash Polytechnic, Damla, Yamuna Nagar, Haryana, India

    Karanbir Singh

  2. Chandigarh Engineering College, Landran, Mohali, Punjab, India

    Navdeep Kaur

  3. Tilak Raj Chadha Institute of Management & Technology, Yamuna Nagar, Haryana, India

    Deepa Nehra

Authors
  1. Karanbir Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Navdeep Kaur
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Deepa Nehra
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Gautam Buddha University, Greater Noida, 201310, India

    Karan Singh  & Amit K. Awasthi  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Singh, K., Kaur, N., Nehra, D. (2013). A Comparative Analysis of Various Deployment Based DDoS Defense Schemes. In: Singh, K., Awasthi, A.K. (eds) Quality, Reliability, Security and Robustness in Heterogeneous Networks. QShine 2013. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37949-9_53

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-37949-9_53

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37948-2

  • Online ISBN: 978-3-642-37949-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation