상세정보
학술대회
A Pseudo State-based Distributed DoS Detection Mechanism using Dynamic Hashing
- 발행일
- 201211
- 출처
- International Conference on Security Technology (SecTech) 2012 (CCIS 339), v.339, pp.22-29
- 협약과제
- 12VI2100, Non-stop Active Routing을 지원하는 고가용성 네트워크 운영체제 기술개발, 류호용
- 초록
- As distributed denial-of-service (DDoS) attacks have caused serious economic and social problems, there have been numerous researches to defend against them. The current DDoS defense system relies on a dedicated security device, which is located in front of the server it is required to protect. To detect DDoS attacks, this security device compares incoming traffic to known attack patterns. Since such a defense mechanism cannot prevent an influx of attack traffic into the network, and every packet must be compared against the known attack patterns, the mechanism often degrades the service. In this paper, we propose a pseudo state-based DDoS detection mechanism using dynamic hashing scheme, which runs on network devices to defend against DDoS attacks without sacrificing performance in terms of data forwarding. The proposed mechanism is suitable for both low- and high-rate attacks. In addition, we verified the performance of the proposed mechanism by evaluating its performance using a DDoS attack similar to the one that occurred in Korea and the USA on July 7th, 2009. © 2012 Springer-Verlag.
- KSP 제안 키워드
- DDoS Detection, DDoS attacks, DDoS defense, Data Forwarding, Defense Mechanism, Defense system, Distributed DoS(DDoS), Distributed denial-of-service(DDoS), High rate, Network devices, Social problems