An efficient filter for denial-of-service bandwidth attacks

被引：42

作者：

Abdelsayed, S ^{[1
]}

Glimsholt, D ^{[1
]}

Leckie, C ^{[1
]}

Ryan, S ^{[1
]}

Shami, S ^{[1
]}

机构：

[1] Univ Melbourne, Dept Elect & Elect Engn, Parkville, Vic 3010, Australia

来源：

GLOBECOM'03: IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, VOLS 1-7 | 2003年

关键词：

D O I：

10.1109/GLOCOM.2003.1258459

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

In this paper, we present an efficient method for detecting and filtering denial-of-service bandwidth attacks. Our system called TOPS (Tabulated Online Packet Statistics) can monitor a large number of network addresses in a compact, fixed-size structure using several effective heuristics. We demonstrate that TOPS can detect bandwidth attacks in a standard benchmark dataset with a high accuracy and a low false alarm rate. A key benefit of TOPS is that it uses few computational resources and does not slow down during an attack.

引用

页码：1353 / 1357

页数：5

共 13 条

[1] SPACE/TIME TRADE/OFFS IN HASH CODING WITH ALLOWABLE ERRORS [J].

BLOOM, BH .

COMMUNICATIONS OF THE ACM, 1970, 13 (07) :422-&

[2] Defending against flooding-based distributed denial-of-service attacks: A tutorial [J].

Chang, RKC .

IEEE COMMUNICATIONS MAGAZINE, 2002, 40 (10) :42-51

[3]

Ferguson P., 2000, RFC2827

[4] Denial-of-service attacks rip the Internet [J].

Garber, L .

COMPUTER, 2000, 33 (04) :12-17

[5]

GIL T, P 10 USENIX SEC S AU

[6]

Ioannidis J., 2002, Implementing pushback: Router-based defense against DDoS attacks

[7]

KENDALL K, 1998, THESIS MIT

[8]

LIPPMANN R, P 3 INT WORKSH REC A, P162

[9]

Park K, 2001, IEEE INFOCOM SER, P338, DOI 10.1109/INFCOM.2001.916716

[10]

PENG T, 2002, P 2 IFIP NETW C NETW

← 1 2 →