Abstract
Defending from DDoS attacks have become more difficult because they have evolved in many ways. Absence of a specific predetermined pattern, increase of number of attack devices, and distributed execution of the DDoS attack makes hard the recognition of the attack sources and thus application of countermeasures. When the DDoS attack is being executed, most of the cases, the target cannot provide its services normally; this is not a significant problem for non-critical application, but, for availability critical services such as stock financial, stock market, or governmental, the effect of the attack may involve huge damage. In this paper, we propose a DDoS avoidance strategy to provide service availability to those preregistered important users. In the proposed strategy, we divide the attack scenario in different time points and provide alternative access channels to already authenticated and other valid users.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Choi, Y.S., Oh, J.T., Jang, J.S., Ryou, J.C.: Integrated DDoS attack defense infrastructure for effective attack prevention. In: Information Technology Convergence and Services (ITCS2010), Aug. 2010, pp. 1–6 (2010)
Kang, J., Zhang, Y., Ju, J.B.: Classifying DDoS attacks by hierarchical clustering based on similarity. In: International Conference on Machine Leaning and Cybernetics (ICMLC2006), Aug. 2006, pp. 2712–2717 (2006)
Xu, J., Lee, W.: Sustaining availability of web services under distributed denial of service attacks. IEEE Trans. Comput. 52(2) (2003). doi:10.1109/TC.2003.1176986
Peng, T., Leckie, C., Ramamohanarao, K.: Protection from distributed denial of service attacks using history-based ip filtering. In: IEEE International Conference on Communications (ICC2003), May 2003, pp. 482–486 (2003)
Haining, W., Shin, K.G.: Transport-aware IP routers: a built-in protection mechanism to counter DDoS attacks. IEEE Trans. Parallel Distrib. Syst. 14(9) (2003). doi:10.1109/TPDS.2003.1233710
Yan, R., Zheng, Q., Niu, G., Gao, S.: A new way to detect DDoS attacks within single router. In: IEEE International Conference on Communication Systems (ICCS2008), Nov. 2008, pp. 1192–1196 (2008)
Yim, H.B., Kim, T.W.: Probabilistic route selection algorithm to trace DDoS attack traffic source. In: IEEE International Conference on Information Science and Application (ICISA2011), Apr. 2011, pp. 1–8 (2011)
Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: DDoS tolerant networks. In: IEEE International Conference on DARPA Information Survivability Conference and Exposition (DISCEX2003), Apr. 2003, pp. 73–75 (2003)
Sterne, D., et al.: Active network based DDoS defense. In: IEEE International Conference on DARPA Active Network Conference and Exposition (DISCEX2002), May 2002, pp. 193–203 (2002)
Wu, Y.C., Tseng, H.R., Yang, W., Jan, R.H.: DDoS detection and traceback with decision tree and grey relational analysis. In: IEEE International Conference on Multimedia and Ubiquitous Engineering (MUE2008), Jun. 2009, pp. 306–314 (2009)
Zhaoyang, Q., Chunfeng, H., Ningning, L.: A Novel Two-Step Traceback Scheme for DDoS Attacks. In: IEEE International Conference on Intelligent Information Technology Application (IITA2008), Dec. 2008, pp. 879–883 (2008)
Shui, Y., Wanlei, Z., Doss, R., Weijia, J.: Traceback of DDoS attacks using entropy variations. IEEE Trans. Parallel Distrib. Syst. 22(3) (2011). doi:10.1109/TPDS.2010.97
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kang, SH., Park, KY., Yoo, SG. et al. DDoS avoidance strategy for service availability. Cluster Comput 16, 241–248 (2013). https://doi.org/10.1007/s10586-011-0185-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-011-0185-4