MAFIC: Adaptive Packet Dropping for Cutting Malicious Flows to Push Back DDoS Attacks

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yu Chen Articles by Yu-Kwong Kwok Articles by Kai Hwang

Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05)

Columbus, Ohio, USA

June 06-June 10

ISBN: 0-7695-2328-5

	ASCII Text	x
	Yu Chen, Yu-Kwong Kwok, Kai Hwang, "MAFIC: Adaptive Packet Dropping for Cutting Malicious Flows to Push Back DDoS Attacks," Distributed Computing Systems Workshops, International Conference on, vol. 2, pp. 123-129, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005.

	BibTex	x
	@article{ 10.1109/ICDCSW.2005.84, author = {Yu Chen and Yu-Kwong Kwok and Kai Hwang}, title = {MAFIC: Adaptive Packet Dropping for Cutting Malicious Flows to Push Back DDoS Attacks}, journal ={Distributed Computing Systems Workshops, International Conference on}, volume = {2}, year = {2005}, issn = {1545-0678}, pages = {123-129}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.84}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Distributed Computing Systems Workshops, International Conference on TI - MAFIC: Adaptive Packet Dropping for Cutting Malicious Flows to Push Back DDoS Attacks SN - 1545-0678 SP123 EP129 A1 - Yu Chen, A1 - Yu-Kwong Kwok, A1 - Kai Hwang, PY - 2005 KW - packet dropping policy KW - DDoS defense KW - malicious flows KW - probing KW - duplicated ACKs VL - 2 JA - Distributed Computing Systems Workshops, International Conference on ER -

Yu Chen, University of Southern California

Yu-Kwong Kwok, University of Southern California

Kai Hwang, University of Southern California

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICDCSW.2005.84

In this paper, we propose a new approach called MAFIC (MAlicious Flow Identification and Cutoff) to support adaptive packet dropping to fend off DDoS attacks. MAFIC works by judiciously issuing lightweight probes to flow sources to check if they are legitimate. Through such probing, MAFIC would drop malicious attack packets with high accuracy while minimizes the loss on legitimate traffic flows. Our NS-2 based simulation indicates that MAFIC algorithm drops packets from unresponsive potental attack flows with an accuracy as high as 99% and reduces the loss of legitimate flows to less than 3%. Furthermore, the false positive and negative rates are low — only around 1% for a majority of the cases.

Index Terms:

packet dropping policy, DDoS defense, malicious flows, probing, duplicated ACKs

Citation:

Yu Chen, Yu-Kwong Kwok, Kai Hwang, "MAFIC: Adaptive Packet Dropping for Cutting Malicious Flows to Push Back DDoS Attacks," icdcsw, vol. 2, pp.123-129, Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.