PacketScore: A statistics-based packet filtering scheme against distributed denial-of-service attacks

Yoohwan Kim, Wing Cheong Lau, Mooi Choo Chuah, H. Jonathan Chao

Research output: Contribution to journal › Article

Abstract

Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score of a packet is computed, this scheme performs score-based selective packet discarding where the dropping threshold is dynamically adjusted based on the score distribution of recent incoming packets and the current level of system overload. This paper describes the design and evaluation of automated attack characterizations, selective packet discarding, and an overload control process. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation through scorebook generation and pipeline processing. A simulation study indicates that PacketScore is very effective in blocking several different attack types under many different conditions.

Original language: English (US)
Pages (from-to): 141-155
Number of pages: 15
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 3
Issue number: 2
DOIs: 10.1109/TDSC.2006.25
State: Published - Apr 2006

Fingerprint

Statistics
Processing
Pipelines
Internet
Hardware
Denial-of-service attack

Keywords

  • Network level security and protection
  • Network monitoring
  • Performance evaluation
  • Security
  • Simulation
  • Traffic analysis

ASJC Scopus subject areas

  • Engineering (all)
  • Computer Networks and Communications

Cite this

PacketScore: A statistics-based packet filtering scheme against distributed denial-of-service attacks. / Kim, Yoohwan; Lau, Wing Cheong; Chuah, Mooi Choo; Chao, H. Jonathan.

In: IEEE Transactions on Dependable and Secure Computing, Vol. 3, No. 2, 04.2006, p. 141-155.

@article{b8f7f83cdd874659af01d16b68675571,
title = "PacketScore: A statistics-based packet filtering scheme against distributed denial-of-service attacks",
abstract = "Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score of a packet is computed, this scheme performs score-based selective packet discarding where the dropping threshold is dynamically adjusted based on the score distribution of recent incoming packets and the current level of system overload. This paper describes the design and evaluation of automated attack characterizations, selective packet discarding, and an overload control process. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation through scorebook generation and pipeline processing. A simulation study indicates that PacketScore is very effective in blocking several different attack types under many different conditions.",
keywords = "Network level security and protection, Network monitoring, Performance evaluation, Security, Simulation, Traffic analysis",
author = "Yoohwan Kim and Lau, {Wing Cheong} and Chuah, {Mooi Choo} and Chao, {H. Jonathan}",
year = "2006",
month = "4",
doi = "10.1109/TDSC.2006.25",
language = "English (US)",
volume = "3",
pages = "141--155",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "2",

}
