Skip to main content
SpringerLink
Log in

A Mechanism for Detection and Prevention of Distributed Denial of Service Attacks

  • Conference paper
Distributed Computing and Networking (ICDCN 2006)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4308))

Included in the following conference series:

Abstract

With several critical services being provided over the Internet it has become imperative to monitor the network traffic to prevent malicious attackers from depleting the resources of the network. In this paper, we propose a mechanism to protect a web-server against a Distributed Denial of Service (DDoS) attack. Incoming traffic to the server is continuously monitored to immediately detect any abnormal rise in the inbound traffic. This detection activates a traffic-filtering rule that pushes down the network traffic to an acceptable level by discarding packets according to measured relative traffic levels of each of the active sources. The proposed mechanism does not affect legitimate users and is thus more effective and robust. We have presented simulation results to demonstrate the effectiveness of the proposed mechanism.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ferguson, P., Senie, D.: Network Ingress Filtering: Defending Denial Of Service Attacks which Employ IP Source Address Spoofing. RFC 2827 (May 2000)

    Google Scholar 

  2. Burch, H., Cheswick, B.: Tracing Anonymous Packets to Their Approximate Source. In: Proceedings of the 14th Systems Administration Conference, Usenix LISA, December 2000, pp. 319–327 (2000)

    Google Scholar 

  3. Park, K., Lee, H.: On the Effectiveness of Probabilistic Packet Marking for IP Traceback Under Denial Of Service Attack. In: Proceedings of IEEE- INFOCOM 2001, pp. 338–347. Anchorage, Alaska (2001)

    Google Scholar 

  4. Gil, T.M.: MULTOPS: A Data-Structure for Bandwidth Attack Detection. M.S. Thesis, Virije Universiteit, Amsterdam, Netherlands (August 2000)

    Google Scholar 

  5. Bencsáth, I., Buttyan, B., Vajda, L.: A Game Based Analysis of the Client Puzzle Approach to Defend Against DoS Attacks. In: Proceedings of SoftCOM 2003, 11th International Conference on Software, Telecommunications and Computer Networks, pp. 763–767. University of Split (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, 721302, India

    Jaydip Sen & Indranil Sengupta

  2. Department of Computer Science and Engineering, Future Institute of Engineering and Management, Kolkata, 700150, India

    Piyali Roy Chowdhury

Authors
  1. Jaydip Sen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Piyali Roy Chowdhury
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Indranil Sengupta
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Iowa State University, 230 Atanasoff Hall, 50011, Ames, IA, USA

    Soma Chaudhuri

  2. Computer Science Department SUNY at Stony Brook Stony Brook, 11794-4400, NY, USA

    Samir R. Das

  3. Department of Computer Science & Engineering, Indian Institute of Technology, 781039, Guwahati, India

    Himadri S. Paul

  4. Dept. of Electrical and Computer Engineering, Iowa State University, 50010, Ames, IA, USA

    Srikanta Tirthapura

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sen, J., Chowdhury, P.R., Sengupta, I. (2006). A Mechanism for Detection and Prevention of Distributed Denial of Service Attacks. In: Chaudhuri, S., Das, S.R., Paul, H.S., Tirthapura, S. (eds) Distributed Computing and Networking. ICDCN 2006. Lecture Notes in Computer Science, vol 4308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11947950_16

Download citation

  • DOI: https://doi.org/10.1007/11947950_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68139-7

  • Online ISBN: 978-3-540-68140-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation