Characterization of defense mechanisms against distributed denial of service attacks

被引:30
作者
Chen, LC
Longstaff, TA
Carley, KM
机构
[1] Carnegie Mellon Univ, Inst Software Res, Pittsburgh, PA 15213 USA
[2] Carnegie Mellon Univ, Dept Engn & Publ Policy, Pittsburgh, PA 15213 USA
[3] Inst Software Res Int, Pittsburgh, PA 15213 USA
[4] Carnegie Mellon Univ, Inst Software Engn, Network Survivable Syst, Pittsburgh, PA 15213 USA
基金
美国国家科学基金会; 美国安德鲁·梅隆基金会;
关键词
distributed denial of service attacks; characterization; defense mechanisms; computer network security; computer security;
D O I
10.1016/j.cose.2004.06.008
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We propose a characterization of distributed denial of service (DDOS) defenses where reaction points are network-based and attack responses are active. The purpose is to provide a framework for comparing the performance and deployment of DDOS defenses. We identify the characteristics in attack detection algorithms and attack responses by reviewing defenses that have appeared in the literature. We expect that this characterization will provide practitioners and academia insights into deploying DDOS defense as network services. (C) 2004 Elsevier Ltd. All rights reserved.
引用
收藏
页码:665 / 678
页数:14
相关论文
共 50 条
[1]  
[Anonymous], 2002, NETW DISTR SYST SEC
[2]  
[Anonymous], 2000, 9915 CHALM U DEP COM
[3]  
[Anonymous], 2000, ICMP TRACEBACK MESSA
[4]  
[Anonymous], 2000, Building Internet Firewalls
[5]  
*ARB NETW INC, 2002, PEAKFLOW
[6]  
*AST NETW INC, 2002, VANT SYST
[7]  
BURCH H, 2000, LINUX SYST ADM C NEW
[8]  
CABRERA J, 2001, IEEE IFIP INT S INT
[9]  
*CERT CC, 1999, RES DISTR SYST INTR
[10]  
Cheswick WilliamR., 1994, FIREWALLS INTERNET S