A countermeasure againstDDOS attacks using active networks technologies |
| |
Authors: | Dai Kashiwa Eric Y Chen Hitoshi Fuji |
| |
Affiliation: | 1. NTT Information Sharing Platform Laboratories, 1-1, Hikarinooka, Yokosuka-shi, 239-0847, Kanagawa, Japan 2. Faculty of Science and Technology, Keio University, 1-1, Hikarinooka, Yokosuka-shi, 239-0847, Kanagawa, Japan 3. The University of Tokyo, 1-1, Hikarinooka, Yokosuka-shi, 239-0847, Kanagawa, Japan
|
| |
Abstract: | A Distributed Denial of Service (DDoCS) attack consumes the resources of a remote host or network by sending a massive amount ofIP packets from many distributed hosts. It is a pressing problem on the Internet as demonstrated by recent attacks on major e-commerce servers andISPs. Since the attack is distributed and the attack tools evolve at a rapid and alarming rate, an effective solution must be formulated using a distributed and adaptive approach. In this paper, we propose a countermeasure againstDDoCS attacks using a method we call Active Shaping. Our method employs the Active Networks technologies, which incorporates programmability into network nodes. The Active Networks technology enables us to deter congestion and bandwidth consumption of the backbone network caused byDDoCS attacks, and to prevent our system from dropping packets of legitimate users mistakenly. This paper introduces the concept of our method, system design and evaluates the effectiveness of our method using a prototype. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|