Abstract
Denial of Service attacks are easy to implement, difficult to trace, and inflict serious damage on target networks in a short amount of time. This model eliminates attack packets from a router using probability packet inspection as an automated defense against DoS. The detection module begins with an initial probability for inspecting packets. As an attack commences and the occupied bandwidth of the channel increases, the detection module optimizes the inspection probability.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Moore, D., Voelker, G., Savage, S.: Inferring Internet Denial-of-Service Activity (February 2001)
Lan., F., Rubin, S.H., Smith, M.H., Trajovic, L.: Distributed Denial of Service Attacks. IEEE International Conference on System, Man, and Cybernetics (2000)
Gibson, S.: DRDoS (February 2002), http://grc.com/doc/drdos/htm
Axelsson, S.: Intrusion detection systems: A survey and taxonomy., Technicalreport, De-part. Of Computer Engineering, Chalmers University (2000)
Peng, T., Leckie, C., Ramamohanarao, K.: Detecting Distributed Denial of Service Attack Using Source IP Address Monitoring
Goodrich, M.T.: Efficient Packet Masking for Large-Scale IP Traceback. In: CCS 2002 (November 2002)
Bellovin, S., Taylor, T.: ICMP Traceback Message, RFC 2026, Internet Engineering Task Force (2003)
Ferguson, P., Senie, D.: Em Network ingress filtering: Defeating denial of service at-tacks which employ ip source address spoofing. In: RFC 2827 (2001)
Cho, K., Kaizaki, R., Kato, A.: An Aggregation Technique for Traf.c Monitoring. In: IEEE Proceedings of the 2002 Symposium on Applications and the Internet (2002)
Jin, C., Wang, H., Shin, K.G.: Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic. In: CCS 2003 (October 2003)
Yih Huang, J., Pullen, M.: Countering Denial-of-Service Attacks Using Congestion Trig-gered Packet Sampling and Filtering (2001)
Sangpachatanaruk, C., Khattab, S.M., Znati, T., Melhem, R., Moss, D.: A Simulation Study of the Proactive Server Roaming for Mitigating Denial of Service Attacks (2002)
Mukkamala, S., Janoski, G., Sung, A.H.: Intrusion Detection Using Neural Network and Support Vector Machine. IEEE, Los Alamitos (2002)
Mukkamala, S., Sung, A.H., Abraham, A.: Intrusion Detection Using Ensemble of Soft Computing Paradigms (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, J., Cho, J., Moon, J. (2005). Automated Immunization Against Denial-of-Service Attacks Featuring Stochastic Packet Inspection. In: Zhuge, H., Fox, G.C. (eds) Grid and Cooperative Computing - GCC 2005. GCC 2005. Lecture Notes in Computer Science, vol 3795. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11590354_4
Download citation
DOI: https://doi.org/10.1007/11590354_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30510-1
Online ISBN: 978-3-540-32277-1
eBook Packages: Computer ScienceComputer Science (R0)