Article

Free access

A practical method to counteract denial of service attacks

Authors:

Udaya Kiran Tupakula,

Vijay VaradharajanAuthors Info & Claims

ACSC '03: Proceedings of the 26th Australasian computer science conference - Volume 16

Pages 275 - 284

Published: 01 February 2003 Publication History

Abstract

Today distributed denial of service (DDoS) attacks are causing major problems to conduct online business over the Internet. Recently several schemes have been proposed on how to prevent some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. In this paper, we propose a Controller-Agent model that would greatly minimize DDoS attacks on Internet. With a new packet marking technique and agent design our scheme is able to identify the approximate source of attack (nearest router) with a single packet even in case of attack with spoofed source addresses. Our scheme is invoked only during attack times, is able to process the victims traffic separately without disturbing other traffic, is able to establish different attack signatures for different attacking sources, can prevent the attack traffic at the nearest router to the attacking system, has fast response time, is simple in its implementation and can be incrementally deployed. Hence we believe that the scheme proposed in this paper seems to be a promising approach to prevent distributed denial of service attacks

References

[1]

{BC00} Hal Burch and Bill Cheswick: Tracing Anonymous Packets to Their Approximate Source. In proceedings of Usenix LISA, December 2000.

Digital Library

[2]

{Bel00} Steve Bellovin: The ICMP Traceback Message. http://www.research.att.com/~smb, 2000.

[3]

{Bel89} S.M.Bellovin: Security Problems in the TCP/IP Protocol Suit. ACM Computer Communications Review, 19(2): 32-48, Apr.1989.

Digital Library

[4]

{CER00} Computer Emergency Response Team. CERT Advisory CA-2000-01 Denial-of-Service developments. http://www.cert.org/advisories/CA- 2000-01.html, Jan.2000.

[5]

{CER99} Computer Emergency Response Team. CERT Advisory CA-1999-17 Denial-of-Service Tools. http://www.cert.org/advisories/CA-1999-17.html.

[6]

{DFS01} Drew Dean, Matt Franklin and Adam Stubblefield: An Algebraic Approach to IP Traceback. In proceedings of NDSS'01, February 2001.

[7]

{DD99} D.Dittrich: The "stacheldraht" distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/stacheldraht.a nalysis.txt, Dec.1999.

[8]

{DO99} D.Dittrich: The "Tribe Flood Network" distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/tfn.analysis, Oct.1999.

[9]

{FS98} P.Ferguson and D.Senie: Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. RFC 2267, January 1998.

Digital Library

[10]

{How98} John Howard: An Analysis of Security Incidents on the Internet. Ph.D.thesis, Carnegie Mellon University, Aug. 1998.

[11]

{MBFIPS01} Ratul Mahajan, Steven M.Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott Shenker: Controlling High Bandwidth Aggregates in the Network. Draft, February 2001.

[12]

{MVS01} David Moore, Geoffrey M. Voelker and Stefan Savage, "Inferring Internet Denial -of-Service Activity," In proceedings of the 10th USENIX Security Symposium, August 2001.

Digital Library

[13]

{Pos81} J.Postel : Internet Protocol. RFC 791,Sept. 1981.

Digital Library

[14]

{SAN00} SANS Institute Resources. Egress Filtering. February 2000. http://www.sans.org/y2k/egress.htm.

[15]

{SWKA00} Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson: Practical Network Support for IP Traceback. In Proceedings of the 2000 ACM SIGCOMM Conference, pages 295-306, August 2000.

Digital Library

[16]

{SP00} D. Song and A.Perrig: Advanced and Authenticated Marking Schemes for IP Traceback. Technical Report UCB/CSD-00-1107, University of California, Berkeley, June 2000.

[17]

{Sto00} Robert Stone: "CenterTrack: An IP Overlay Network for Tracking DoS Floods," In proceedings of 9th Usenix Security Symposium, August 2000.

Digital Library

Cited By

Freet DAgrawal RChbeir RAgrawal RBiskri I(2016)An overview of architectural and security considerations for named data networking (NDN)Proceedings of the 8th International Conference on Management of Digital EcoSystems10.1145/3012071.3012092(52-57)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1145/3012071.3012092
Tupakula UVaradharajan VCho YShin SKim SHung CHong J(2014)Secure monitoring for dementia patientsProceedings of the 29th Annual ACM Symposium on Applied Computing10.1145/2554850.2554950(14-19)Online publication date: 24-Mar-2014
https://dl.acm.org/doi/10.1145/2554850.2554950
Fallah MKahani N(2014)TDPFSecurity and Communication Networks10.1002/sec.7257:2(245-264)Online publication date: 1-Feb-2014
https://dl.acm.org/doi/10.1002/sec.725
Show More Cited By

Index Terms

A practical method to counteract denial of service attacks
1. Security and privacy
  1. Cryptography
    1. Cryptanalysis and other attacks
  2. Intrusion/anomaly detection and malware mitigation
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Mitigating denial of service attacks: a tutorial

This tutorial describes what Denial of Service (DOS) attacks are. how they can be carried out in IP networks, and how one can defend against them. Distributed DoS (DDoS) attacks are included here as a subset of DoS attacks. A DoS attack has two phases: ...
Denial of service attacks, defences and research challenges

This paper presents a review of current denial of service (DoS) attack and defence concepts, from a theoretical ad practical point of view. Seriousness of DoS attacks is tangible and they present one of the most significant threats to assurance of ...
How well can congestion pricing neutralize denial of service attacks?
SIGMETRICS '12: Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems

Denial of service protection mechanisms usually require classifying malicious traffic, which can be difficult. Another approach is to price scarce resources. However, while congestion pricing has been suggested as a way to combat DoS attacks, it has not ...

Comments

Information & Contributors

Information

Published In

cover image DL Hosted proceedings

ACSC '03: Proceedings of the 26th Australasian computer science conference - Volume 16

February 2003

368 pages

ISBN:0909925941

Editor:
Michael J. Oudshoorn
University of Adelaide, Australia

Publisher

Australian Computer Society, Inc.

Australia

Publication History

Published: 01 February 2003

Author Tags

Qualifiers

Article

Conference

ACSC '03

01 02 2003

Adelaide, Australia

Acceptance Rates

Overall Acceptance Rate 136 of 379 submissions, 36%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
2,457
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)9

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Freet DAgrawal RChbeir RAgrawal RBiskri I(2016)An overview of architectural and security considerations for named data networking (NDN)Proceedings of the 8th International Conference on Management of Digital EcoSystems10.1145/3012071.3012092(52-57)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1145/3012071.3012092
Tupakula UVaradharajan VCho YShin SKim SHung CHong J(2014)Secure monitoring for dementia patientsProceedings of the 29th Annual ACM Symposium on Applied Computing10.1145/2554850.2554950(14-19)Online publication date: 24-Mar-2014
https://dl.acm.org/doi/10.1145/2554850.2554950
Fallah MKahani N(2014)TDPFSecurity and Communication Networks10.1002/sec.7257:2(245-264)Online publication date: 1-Feb-2014
https://dl.acm.org/doi/10.1002/sec.725
Tupakula UVaradharajan VVuppala SOrgun MElçi AMakarevich OHuss SPieprzyk JBabenko LChefranov AShankaran R(2011)Counteracting DDoS attacks in WLANProceedings of the 4th international conference on Security of information and networks10.1145/2070425.2070445(119-126)Online publication date: 14-Nov-2011
https://dl.acm.org/doi/10.1145/2070425.2070445
Tupakula UVaradharajan VPandalaneni SShin SOssowski S(2009)DoSTRACKProceedings of the 2009 ACM symposium on Applied Computing10.1145/1529282.1529291(47-53)Online publication date: 8-Mar-2009
https://dl.acm.org/doi/10.1145/1529282.1529291
Peng TLeckie CRamamohanarao K(2007)Survey of network-based defense mechanisms countering the DoS and DDoS problemsACM Computing Surveys10.1145/1216370.121637339:1(3-es)Online publication date: 12-Apr-2007
https://dl.acm.org/doi/10.1145/1216370.1216373
Siris VStavrakis I(2007)Provider-based deterministic packet marking against distributed DoS attacksJournal of Network and Computer Applications10.1016/j.jnca.2005.07.00530:3(858-876)Online publication date: 1-Aug-2007
https://dl.acm.org/doi/10.1016/j.jnca.2005.07.005
Wang CYu CLiang CYu KOuyang WHsu CChen YOnoe SGuizani MChen HSawahashi M(2006)Tracers placement for IP traceback against DDoS attacksProceedings of the 2006 international conference on Wireless communications and mobile computing10.1145/1143549.1143620(355-360)Online publication date: 3-Jul-2006
https://dl.acm.org/doi/10.1145/1143549.1143620
Siris VStavrakis I(2005)Provider-Based Deterministic Packet Marking against Distributed DoS AttacksProceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 1810.1109/IPDPS.2005.367Online publication date: 4-Apr-2005
https://dl.acm.org/doi/10.1109/IPDPS.2005.367
Furuya TMatsuzaki TMatsuura K(2005)Detection of unknown dos attacks by kolmogorov-complexity fluctuationProceedings of the First SKLOIS conference on Information Security and Cryptology10.1007/11599548_34(395-406)Online publication date: 15-Dec-2005
https://dl.acm.org/doi/10.1007/11599548_34
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents