Issue No. 03 - July-September (2005 vol. 2)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2005.35
Jelena Mirkovic, IEEE
Peter Reiher, IEEE
Defenses against flooding distributed denial-of-service (DDoS) attacks commonly respond to the attack by dropping the excess traffic, thus reducing the overload at the victim. The major challenge is differentiating legitimate traffic from attack traffic, so that the dropping policies can be applied selectively. We propose D-WARD, a source-end DDoS defense system that achieves autonomous attack detection and surgically accurate response, thanks to its novel traffic profiling techniques, its adaptive response, and its source-end deployment. Moderate traffic volumes seen near the sources, even during attacks, enable extensive statistics gathering and profiling, facilitating high response selectiveness. D-WARD inflicts extremely low collateral damage on legitimate traffic, while quickly detecting and severely rate-limiting outgoing attacks. D-WARD has been extensively evaluated in a controlled testbed environment and in real network operation. Results of selected tests are presented in the paper.
Index Terms: Network-level security and protection, network monitoring, fault tolerance.
J. Mirkovic and P. Reiher, "D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks," in IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 3, pp. 216-232, 2005.