ETRI-Knowledge Sharing Platform


An Effective Defense Mechanism Against DoS/DDoS Attacks in Flow-based Routers
Cited 6 times in Scopus
Authors
Pyung Koo Park, Hee Kyoung Yi, Sang Jin Hong, Jae Cheul Ryu
Issue Date
2010-11
Citation
International Conference on Advances in Mobile Computing and Multimedia (MoMM) 2010, pp.442-446
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1145/1971519.1971595
Abstract
Due to the proliferation of diverse network applications, DoS/DDoS attacks are evolving. Many studies have been performed and implemented in on/off-line network devices such as routers and IDS/IPS. While IDS/IPS is powerful enough to handle deep packet inspection (DPI) tasks, routers are better suited to real-time and line-speed processing requirements. Since routers are designed to handle IP packet header information, a DoS/DDoS detection/prevention method that utilizes router-specific features would be best suited for in-line and real-time processing. We introduce a Flow-based DoS/DDoS Detection Algorithm (FDDA) that detects Distributed Denial of Service (DDoS) attacks by monitoring the TTL and ID fields of incoming packets' IP headers. As DDoS attacks are based on IP source address spoofing, the TTL and ID fields may exhibit abnormal behavior. The device keeps track of an 8-tuple flow table. The behavior of these two fields is monitored to determine a DoS/DDoS attack situation. The effectiveness of our method is such that it is implemented in flow-based routers and devices. Copyright © 2010 ACM.
KSP Keywords
Abnormal behavior, DDoS detection algorithm, Defense Mechanism, Distributed denial of service (DDoS) attacks, Flow Table, Flow-based(FB), IP header, IP packet, In-line, Line network, Line-Speed