Abstract
A scheme that defending against distributed denial of service (DDoS) attacks adopts the mechanism of Distribution-based Secure Overlay Nodes (DSON) to a large-scale ISP (Internet Service Provider) network is presented. The scheme uses local BPG announcement to divert traffic to the overlay network when experiencing high load, then filtering algorithm based on the technology of signal processing is applied to the diverted traffic. This algorithm detects and filters out DDoS attacks in frequency domain to allow targets to provide good service to legitimate traffic, with fast reaction and high energy ratio of legitimate to attacks traffic. DSON is implemented and installed on the monitor points of large-scale ISP network associated with the corresponding routers, edge router, border router, and core router, with no requirement for the modifying to network architecture, infrastructure, and protocol.
Chapter PDF
Similar content being viewed by others
Keywords
References
Keromytis, A.D., Misra, V., Rubenstein, D.: SOS: Architecture for Mitigating DDoS Attacks. Journal, IEEE Journal on selected areas in communications 22(1), 176–188 (2004)
Keromytis, A.D., Misra, V., Rubenstein, D.: SOS: Secure Overlay Services. In: Proc. of ACM SIGCOMM 2002, August 2002, ACM Press, New York (2002)
Chen, S., Chow, R.: A New Perspective in Defending against DDoS. Distributed Computing Systems. In: FTDCS 2004. Proceedings. 10th IEEE International Workshop on Future Trends, 26-28 May 2004, pp. 186–90 (2004)
Hamano, T., Suzuki, R., et al.: A Redirection-based Defense Mechanism against Flood-type Attacks in Large-scale ISP Networks. In: Proceedings, 10th Asia-Pacific Conference on Communications and 5th International Symposium on Multi-Dimensional Mobile Communications, Taiwan, pp. 1–15 (2001)
Mirkovic, J., Prier, G., Reiher, P.: Attacking DDoS at the source. In: Proceedings, 10th IEEE International Conference on Network Protocols, Paris, France, November 2002, pp. 312–321. IEEE Computer Society Press, Los Alamitos (2002)
Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P.: Internet Denial Service: Attack and Defense Mechanisms. In: Prentic Hall Professional Technical Reference, Coirier in Stoughton, Massachusetts (December 2004), ISBN: 0-13-147573-8
Technical report, DDoS attack and defense of CERNET, CCERT, report, Network Research Center, Tsinghua University (March 2005)
DDoS Mitigation: Maintaining Business Continuity in the Face of Malicious Attacks, report, Technical Note, Riverhead, Cisco (2004)
Cheng, C.-M., Kung, H.T., Tan, K.-S.: Use of Spectral Analysis in Defense Against DoS Attacks. In: Proceedings, IEEE GLOBECOM (2002)
Chen, Y., Hwang, K., Kwok, Y.-K.: Filtering of Shrew DDoS Attacks in Frequency Domain. In: Proceedings of the IEEE Conference on Local Computer Networks, 30th Anniversary, 15-17 November 2005, pp. 786–793 (2005)
Chen, Y., Hwang, K., Kwok, Y.-K.: Collaborative Defense against Periodic Shrew DDoS Attacks in Frequency Domain. Journal, ACM Transactions on Information and System Security (TISSEC), 1–30 (May 3, 2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Wu, Zj., Zhang, D. (2007). Scheme of Defending Against DDoS Attacks in Large-Scale ISP Networks. In: Li, K., Jesshope, C., Jin, H., Gaudiot, JL. (eds) Network and Parallel Computing. NPC 2007. Lecture Notes in Computer Science, vol 4672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74784-0_31
Download citation
DOI: https://doi.org/10.1007/978-3-540-74784-0_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74783-3
Online ISBN: 978-3-540-74784-0
eBook Packages: Computer ScienceComputer Science (R0)