Attack diagnosis: throttling distributed denial-of-service attacks close to the attack sources
ICCCN (2005)
Abstract
Attack mitigation schemes actively throttle attack traffic generated in distributed denial-of-service (DDoS) attacks. This paper presents attack diagnosis (AD), a novel attack mitigation scheme that combines the concepts of Pushback and packet marking. AD's architecture is in line with the ideal DDoS attack countermeasure paradigm, in which attack detection is performed near the victim host and attack mitigation is executed close to the attack sources. AD is a reactive defense that is activated by a victim host after an attack has been detected. A victim activates AD by sending AD-related commands to its upstream routers. On receipt of such commands, the AD-enabled upstream routers deterministically mark each packet destined for the victim with the information of the input interface that processed that packet. By collecting the router interface information recorded in the packet markings, the victim can trace back the attack traffic to the attack sources. Once the traceback is complete, the victim issues messages that command AD-enabled routers to filter attack packets close to the source. The AD commands can be authenticated by the TTL field of the IP header without relying on any global key distribution infrastructure in the Internet. Although AD can effectively filter traffic generated by a moderate number of attack sources, it is not effective against large-scale attacks. To address this problem, we propose an extension to AD called parallel attack diagnosis (PAD) that is capable of throttling traffic coming from a large number of attack sources simultaneously. AD and PAD are analyzed and evaluated using a realistic network topology based on the Skitter Internet map. Both schemes are shown to be robust against IP spoofing and incur low false positive ratios.
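The mark-then-trace-back loop the abstract describes, as an added Python model that is not the authors' code: a constructed four-router topology, routers that record the input interface in each packet's marking while AD is enabled, and a victim that follows the heaviest interface upstream until the filter point sits next to the source. The hop-by-hop walk, the A*/H* host labels and the traffic counts are my assumptions; the TTL-based command authentication is not modelled.

```python
from collections import Counter
# Constructed topology (not the paper's Skitter map): UPSTREAM[router][iface]
# is the node feeding that input interface; the victim sits behind R1.
# Hosts named A* are attack sources, H* are legitimate senders.
UPSTREAM = {
    "R1": {0: "R2", 1: "R3"},
    "R2": {0: "R4", 1: "H1"},
    "R3": {0: "H2", 1: "H3"},
    "R4": {0: "A1", 1: "H4"},
}
# Constructed traffic sample: packets per host destined for the victim.
TRAFFIC = {"A1": 900, "H1": 20, "H2": 30, "H3": 25, "H4": 15}

def paths_to_victim(router="R1", below=()):
    """Map each end host to the (router, input iface) hops its packets
    cross, nearest to the host first, by walking down from the victim."""
    out = {}
    for iface, feeder in UPSTREAM[router].items():
        hops = ((router, iface),) + below
        if feeder in UPSTREAM:
            out.update(paths_to_victim(feeder, hops))
        else:
            out[feeder] = hops
    return out

def diagnose(traffic, start="R1"):
    """Victim-side AD loop: read the interface marks from one AD-enabled
    router, follow the heaviest interface upstream, stop at an end host."""
    paths = paths_to_victim()
    router = start
    while True:
        marks = Counter()                # input iface -> marked packets seen
        for src, n in traffic.items():
            for r, iface in paths[src]:
                if r == router:          # only the AD-enabled router marks
                    marks[iface] += n
        iface = max(marks, key=marks.get)
        feeder = UPSTREAM[router][iface]
        if feeder not in UPSTREAM:       # fed by a host: filter point found
            return router, iface, feeder
        router = feeder                  # else move the diagnosis one hop up

def filter_effect(traffic, router, iface):
    """Packets a filter on (router, iface) drops, split into attack and
    legitimate using the constructed ground truth (A* hosts attack)."""
    paths = paths_to_victim()
    dropped = {"attack": 0, "legit": 0}
    for src, n in traffic.items():
        if (router, iface) in paths[src]:
            dropped["attack" if src.startswith("A") else "legit"] += n
    return dropped
```

Comparing `filter_effect` at the diagnosed point with a filter placed at the victim's first-hop router shows the collateral damage that filtering close to the source avoids.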
Keywords
ip header, parallel attack diagnosis, ip networks, packet marking, attack diagnosis, global key distribution infrastructure, distributed denial-of-service, pad, ttl field, telecommunication network topology, realistic network topology, ddos attack, telecommunication services, attack mitigation scheme, internet, transistor-transistor logic, telecommunication security, pushback marking, counter-measure paradigm, skitter internet map, internet protocol, security of data, false positive, distributed denial of service, key distribution, ip spoofing, network topology