Abstract
With several critical services being provided over the Internet, it has become imperative to monitor network traffic to prevent malicious attackers from depleting the resources of the network. In this paper, we propose a mechanism to protect a web server against a Distributed Denial of Service (DDoS) attack. Incoming traffic to the server is continuously monitored to immediately detect any abnormal rise in the inbound traffic. This detection activates a traffic-filtering rule that pushes the network traffic down to an acceptable level by discarding packets according to the measured relative traffic levels of each of the active sources. The proposed mechanism does not affect legitimate users and is thus more effective and robust. We present simulation results to demonstrate the effectiveness of the proposed mechanism.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sen, J., Chowdhury, P.R., Sengupta, I. (2006). A Mechanism for Detection and Prevention of Distributed Denial of Service Attacks. In: Chaudhuri, S., Das, S.R., Paul, H.S., Tirthapura, S. (eds) Distributed Computing and Networking. ICDCN 2006. Lecture Notes in Computer Science, vol 4308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11947950_16
DOI: https://doi.org/10.1007/11947950_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68139-7
Online ISBN: 978-3-540-68140-3
eBook Packages: Computer Science (R0)