PathFinder: Capturing DDoS Traffic Footprints on the Internet

被引：0

作者：

Shi, Lumin ^{[1
]}

Zhang, Mingwei ^{[1
]}

Li, Jun ^{[1
]}

Reiher, Peter ^{[2
]}

机构：

[1] Univ Oregon, Eugene, OR 97403 USA

[2] Univ Calif Los Angeles, Los Angeles, CA USA

来源：

2018 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) AND WORKSHOPS | 2018年

关键词：

distributed denial-of-service; DDoS; traffic foot-print; autonomous system (AS); PFTrie; IP TRACEBACK;

D O I：

暂无

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

While distributed denial-of-service (DDoS) attacks are easy to launch and are becoming more damaging, the defense against DDoS attacks often suffers from the lack of relevant knowledge of the DDoS traffic, including the paths the DDoS traffic has used, the source addresses (spoofed or not) that appear along each path, and the amount of traffic per path or per source. Though IP traceback and path inference approaches could be considered, they are either expensive and hard to deploy or inaccurate. We propose PathFinder, a service that a DDoS defense system can use to obtain the footprints of the DDoS traffic to the victim as is. It introduces a PFTrie data structure with multiple design features to log traffic at line rate, and is easy to implement and deploy on today's Internet. We show that PathFinder can significantly improve the efficacy of a DDoS defense system, while PathFinder itself is fast and has a manageable overhead.

引用

页码：10 / 18

页数：9

共 50 条

[21] Machine Learning DDoS Detection for Consumer Internet of Things Devices
Doshi, Rohan
Apthorpe, Noah
Feamster, Nick
2018 IEEE SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (SPW 2018), 2018, : 29 - 35
[22] A DDoS protection method based on traffic scheduling and scrubbing in SDN
Yu, Yiwei
Cheng, Guang
Chen, Zihan
Ding, Haoxuan
2021 17TH INTERNATIONAL CONFERENCE ON MOBILITY, SENSING AND NETWORKING (MSN 2021), 2021, : 758 - 765
[23] DrawBridge-Software-Defined DDoS-Resistant Traffic Engineering
Li, Jun
Berg, Skyler
Zhang, Mingwei
Reiher, Peter
Wei, Tao
SIGCOMM'14: PROCEEDINGS OF THE 2014 ACM CONFERENCE ON SPECIAL INTEREST GROUP ON DATA COMMUNICATION, 2014, : 591 - 592
[24] On the Large-scale Traffic DDoS Threat of Space Backbone Network
Ao, Di
Shi, Ruisheng
Lan, Lina
Lu, Yueming
2019 IEEE 5TH INTL CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY) / IEEE INTL CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING (HPSC) / IEEE INTL CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS), 2019, : 192 - 194
[25] DDoS Traffic Control Using Transfer Learning DQN With Structure Information
Xia, Shi-Ming
Zhang, Lei
Bai, Wei
Zhou, Xing-Yu
Pan, Zhi-Song
IEEE ACCESS, 2019, 7 : 81481 - 81493
[26] CERTAIN IMPROVEMENTS TO LOCATION AIDED PACKET MARKING AND DDOS ATTACKS IN INTERNET
Satheesh, N.
Sudha, D.
Suganthi, D.
Sudhakar, S.
Dhanaraj, S.
Sriram, V. P.
Priya, V
JOURNAL OF ENGINEERING SCIENCE AND TECHNOLOGY, 2020, 15 (01): : 94 - 107
[27] Deterrence of Intelligent DDoS via Multi-Hop Traffic Divergence
Li, Yuanjie
Li, Hewu
Lv, Zhizheng
Yao, Xingkun
Li, Qianru
Wu, Jianping
CCS '21: PROCEEDINGS OF THE 2021 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2021, : 923 - 939
[28] DDoS Attack Detection System using Neural Network on Internet of Things
Adi, Lulus Wahyu Prasetya
Mandala, Satria
Nugraha, Yudhistira
2022 INTERNATIONAL CONFERENCE ON DATA SCIENCE AND ITS APPLICATIONS (ICODSA), 2022, : 41 - 46
[29] DDoS Botnet Prevention using Blockchain in Software Defined Internet of Things
Shafi, Qaisar
Basit, Abdul
PROCEEDINGS OF 2019 16TH INTERNATIONAL BHURBAN CONFERENCE ON APPLIED SCIENCES AND TECHNOLOGY (IBCAST), 2019, : 624 - 628
[30] Network traffic prediction for detecting DDoS attacks in IEC 61850 communication networks
da Silva, L. E.
Coury, D., V
COMPUTERS & ELECTRICAL ENGINEERING, 2020, 87

← 1 2 3 4 5 →