Abstract
Owing to the increasing threat of malwares and attacks, the defense mechanism design of various attacks becomes an important issue. Currently, there are various kinds of malwares, such as computer viruses, Trojan-horses, spywares, adwares, worms, and zombies, etc. Attacks are like zero-day attack, black-hole attack, Denial of Service attacks, man-in-the-middle attack and so on. The above attacks will be threats to the computer systems. This article focuses on the defense mechanism for Distributed Denial of Service (DDoS) attacks. DDoS attacks use a lot of request packets or garbage packets to occupy network bandwidth and consume performance of the target host. If the attack target is a commercial website, DDoS attacks will cause transmission delay and more seriously they will deny web services. In this paper, we propose a Double Check Priority Queue structure that effectively mitigates the impact of DDoS attacks in order that normal users can still access services.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Belenky A, Ansari N (2003) On IP traceback. IEEE Commun Mag 41(7):142–153
Bi J, Liu B, Wu J, Shen Y (2009) Preventing IP source address spoofing: a two-level, state machine-based method. Tsinghua Sci Technol 14(4):413–422
Carl G, Kesidis G, Brooks RR, Rai S (2006) Denial-of-service attack-detection techniques. IEEE Int Comput 10(1):82–89
Chang RKC (2002) Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Commun Mag 40(10):42–51
Chen Y, Kwok Y-K, Hwang K (2005) MAFIC: adaptive packet dropping for cutting malicious flows to push back DDoS attacks. In: Proceedings of 25th IEEE international conference on distributed computing systems workshops 2005, June 2005
Gao Z, Ansari N (2005) Tracing cyber attacks from the practical perspective. IEEE Commun Mag 43(5):123–131
Hilgenstieler E, Duarte EP Jr, Mansfield-Keeni G, Shiratori N (2010) Extensions to the source path isolation engine for precise and efficient log-based IP traceback. Comput Secur 29(4):383–392
Kim Y, Jo J-Y, Chao HJ, Merat F (2003) High-speed router filter for blocking TCP flooding under DDoS attack. In: Proceedings of the 2003 IEEE international performance, computing, and communications conference, Dec 2003, pp 183–190
Lin C-H, Liu J-C, Jiang F-C, Kuo C-T (2008) An Effective priority queue-based scheme to alleviate malicious packet flows from distributed DoS attacks. In: International conference on intelligent information hiding and multimedia signal processing, IIHMSP ’08, 15–17 Aug 2008, pp 1371–1374
Maciá-Fernández G, Rodríguez-Gómez RA, Díaz-Verdejo JE (2010) Defense techniques for low-rate DoS attacks against application servers. Comput Netw 54(15):2711–2727
Mirkovic J, Reiher P (2004) A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput Commun Rev 34(2):39–54
Noureldien N (2002) Protecting web servers from DoS/DDoS flooding attacks: a technical overview. In: International conference on web-management for international organizations, Oct 2002
Qu Z-Y, Huang C-F, Liu N-N (2008) A novel two-step traceback scheme for DDoS attacks. In: second international symposium on intelligent information technology application, 20–22 Dec 2008, pp 879–883
Stefan A (2000) Intrusion detection systems: a survey and taxonomy. Technical report 99-15, Department of Computer Engineering, Chalmers University
Sudip M, Venkata Krishna P, Kiran IA, Navin S, Fredun S (2010) An adaptive learning routing protocol for the prevention of distributed denial of service attacks in wireless mesh networks. Comput Math Appl 60(2):294–306
Tao P, Christopher L, Kotagiri R (2007) Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput Surv 39(1)
Trostle J (2006) Protecting against distributed denial of service (DDoS) attacks using distributed filtering. Securecomm and workshops, pp 1–11
Acknowledgments
This work was supported in part by Taiwan National Science Council under grants NSC 99-2221-E-029-039-MY3.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lin, CH., Lin, HY., Wu, TW. et al. Preserving quality of service for normal users against DDoS attacks by using Double Check Priority Queues. J Ambient Intell Human Comput 4, 275–282 (2013). https://doi.org/10.1007/s12652-011-0091-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-011-0091-x