ETRI-Knowledge Sharing Platform


Details

Conference: An Effective Defense Mechanism Against DoS/DDoS Attacks in Flow-based Routers
Cited 6 times in Scopus
Authors
박평구, 이희경, 홍상진, 류재철
Publication date
201011
Source
International Conference on Advances in Mobile Computing and Multimedia (MoMM) 2010, pp.442-446
DOI
https://dx.doi.org/10.1145/1971519.1971595
Contract project
10MI1300, Development of Application-Service-Aware Network Switch Platform Technology, 홍성백
Abstract
Due to the proliferation of diverse network applications, DoS/DDoS attacks are evolving. Many studies have been performed and implemented in on/off-line network devices such as routers and IDS/IPS. While IDS/IPS is powerful enough to handle deep packet inspection (DPI) tasks, routers are better suited to real-time and line-speed processing requirements. Since routers are designed to handle IP packet header information, if one can devise a DoS/DDoS detection/prevention method that utilizes router-specific features, it will be best for in-line and real-time processing. We introduce a Flow-based DoS/DDoS Detection Algorithm (FDDA) that detects Distributed Denial of Service (DDoS) attacks by monitoring the TTL and ID fields of the incoming packet's IP header. As DDoS attacks are based on IP source address spoofing, the TTL and ID fields may have abnormal behavior. The device keeps track of an 8-tuple flow table. The behavior of these two fields is monitored to determine a DoS/DDoS attack situation. The effectiveness of our method is such that it is implemented in flow-based routers and devices. Copyright © 2010 ACM.
KSP suggested keywords
Abnormal behavior, DDoS detection algorithm, Defense Mechanism, Distributed denial of service (DDoS) attacks, Flow Table, Flow-based, IP header, IP packet, In-line, Line network, Line-Speed