Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Anjali Sardana Articles by Krishan Kumar Articles by R. C. Joshi

2007 The Third International Symposium on Information Assurance and Security

Manchester, United Kingdom

August 29-August 31

ISBN: 0-7695-2876-7

	ASCII Text	x
	Anjali Sardana, Krishan Kumar, R. C. Joshi, "Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain," Information Assurance and Security, International Symposium on, pp. 191-196, 2007 The Third International Symposium on Information Assurance and Security, 2007.

	BibTex	x
	@article{ 10.1109/IAS.2007.23, author = {Anjali Sardana and Krishan Kumar and R. C. Joshi}, title = {Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain}, journal ={Information Assurance and Security, International Symposium on}, volume = {0}, year = {2007}, isbn = {0-7695-2876-7}, pages = {191-196}, doi = {http://doi.ieeecomputersociety.org/10.1109/IAS.2007.23}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Information Assurance and Security, International Symposium on TI - Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain SN - 0-7695-2876-7 SP191 EP196 A1 - Anjali Sardana, A1 - Krishan Kumar, A1 - R. C. Joshi, PY - 2007 KW - null VL - 0 JA - Information Assurance and Security, International Symposium on ER -

Anjali Sardana, Indian Institute of Technology, India

Krishan Kumar, Indian Institute of Technology, India

R. C. Joshi, Indian Institute of Technology, India

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IAS.2007.23

The inherent vulnerabilities in TCP/IP architecture give dearth of opportunities to DDoS attackers. The array of schemes proposed for detection of these attacks in real time is either targeted towards low rate attacks or high bandwidth attacks. Presence of low rate attacks leads to graceful degradation of QoS in the network thus making them further undetectable. In this paper, we propose a scheme that uses three lines of defense. The first line of defense is towards detecting the presence of low rate as well as high bandwidth attacks based on entropy variations in small time windows. The second line of defense identifies and tags attack flows in real time. The last line of defense is redirecting the attack flows to honeypot server that responds in contained manner to the attack flows, thus providing deterrence and maintaining QoS at ISP level. We validate the effectiveness of the approach with simulation in ns-2 on a Linux platform.

Citation:

Anjali Sardana, Krishan Kumar, R. C. Joshi, "Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain," ias, pp.191-196, 2007 The Third International Symposium on Information Assurance and Security, 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.