A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks
May 2007 (vol. 18 no. 5)
pp. 577-588

Abstract—Attack mitigation schemes actively throttle attack traffic generated in Distributed Denial-of-Service (DDoS) attacks. This paper presents Attack Diagnosis (AD), a novel attack mitigation scheme that adopts a divide-and-conquer strategy. AD combines the concepts of Pushback and packet marking, and its architecture is in line with the ideal DDoS attack countermeasure paradigm—attack detection is performed near the victim host and packet filtering is executed close to the attack sources. AD is a reactive defense mechanism that is activated by a victim host after an attack is detected. By instructing its upstream routers to mark packets deterministically, the victim can trace back one attack source and command an AD-enabled router close to the source to filter the attack packets. This process isolates one attacker and throttles it, which is repeated until the attack is mitigated. We also propose an extension to AD called Parallel Attack Diagnosis (PAD) that is capable of throttling traffic coming from a large number of attackers simultaneously. AD and PAD are analyzed and evaluated using the Skitter Internet map, Lumeta's Internet map, and the 6-degree complete tree topology model. Both schemes are shown to be robust against IP spoofing and to incur low false positive ratios.

Index Terms:
Network-level security and protection.
Citation:
Ruiliang Chen, Jung-Min Park, Randolph Marchany, "A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks," IEEE Transactions on Parallel and Distributed Systems, vol. 18, no. 5, pp. 577-588, May 2007, doi:10.1109/TPDS.2007.1014