PacketScore: Statistics-based overload control against distributed denial-of-service attacks

Yoohwan Kim, Wing Cheong Lau, Mooi Choo Chuah, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

A Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Currently, most ISPs merely rely on manual detection of DDoS attacks, after which offline fine-grain traffic analysis is performed and new filtering rules are installed manually on the routers. The need for human intervention results in poor response time and fails to protect the victim before severe damage is done. The expressiveness of existing filtering rules is also too limited and rigid when compared to the ever-evolving characteristics of the attacking packets. Recently, we proposed a DDoS defense architecture that supports distributed detection and automated on-line attack characterization. In this paper, we focus on the design and evaluation of the automated attack characterization, selective packet discarding and overload control portions of the proposed architecture. Our key idea is to prioritize packets based on a per-packet score that estimates the legitimacy of a packet given the attribute values it carries. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation. Once the score of a packet is computed, we perform score-based selective packet discarding, where the dropping threshold is dynamically adjusted based on (1) the score distribution of recent incoming packets and (2) the current level of overload of the system.
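The threshold mechanism the abstract describes, as an added Python illustration that is not the paper's code: the score function is a constructed stand-in (a per-attribute log ratio of nominal to current value frequency), the NOMINAL/CURRENT profiles and the packet attributes are made-up sample data, and the paper's actual scoring method is not on this page. What it shows is the part the abstract does state: the discard threshold is read off the histogram of recent scores so that the admitted share matches capacity/arrival.

```python
import math

# Constructed sample profiles (assumption, not the paper's data): per-attribute
# value frequencies seen in a nominal period vs. in the current measurement window.
NOMINAL = {"proto": {"tcp": 0.8, "udp": 0.15, "icmp": 0.05},
           "len":   {"small": 0.3, "medium": 0.5, "large": 0.2}}
CURRENT = {"proto": {"tcp": 0.3, "udp": 0.1, "icmp": 0.6},
           "len":   {"small": 0.8, "medium": 0.15, "large": 0.05}}
BINS = 64  # fixed number of equal-width score bins, as a hardware pipeline would keep

def score(packet):
    """Stand-in legitimacy score: sum over attributes of log(nominal/current).
    Values over-represented now, relative to nominal, push the score negative."""
    s = 0.0
    for attr, val in packet.items():
        p_nom = NOMINAL[attr].get(val, 1e-3)
        p_cur = CURRENT[attr].get(val, 1e-3)
        s += math.log(p_nom / p_cur)
    return s

def quantize(s, lo=-8.0, hi=8.0):
    """Clamp a raw score into [lo, hi] and map it to one of BINS bins."""
    return int((min(max(s, lo), hi) - lo) / (hi - lo) * (BINS - 1))

def threshold_for(hist, arrival_rate, capacity):
    """Choose the discard threshold from the recent score histogram and the
    overload level: drop the fraction 1 - capacity/arrival_rate of recent
    packets, taking the lowest-scoring bins first."""
    total = sum(hist)
    if total == 0 or arrival_rate <= capacity:
        return 0                      # no overload: admit every bin
    need_drop = total * (1 - capacity / arrival_rate)
    dropped = 0
    for b in range(BINS):
        if dropped >= need_drop:
            return b                  # first bin that is admitted
        dropped += hist[b]
    return BINS                       # pathological: drop everything

def filter_window(packets, arrival_rate, capacity):
    """Score one window of packets, build the histogram, pick the threshold,
    and return (admitted, discarded)."""
    scored = [(p, quantize(score(p))) for p in packets]
    hist = [0] * BINS
    for _, b in scored:
        hist[b] += 1
    thr = threshold_for(hist, arrival_rate, capacity)
    admitted = [p for p, b in scored if b >= thr]
    discarded = [p for p, b in scored if b < thr]
    return admitted, discarded
```

In a deployment the histogram would be rebuilt every measurement interval, so the threshold follows both shifts in the attack mix and changes in the overload level.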

Original language: English (US)
Title of host publication: IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Pages: 2594-2604
Number of pages: 11
Volume: 4
DOIs: 10.1109/INFCOM.2004.1354679
State: Published - 2004
Event: IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies - Hong Kong, China
Duration: Mar 7 2004 to Mar 11 2004

Other

Other: IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Country: China
City: Hong Kong
Period: 3/7/04 to 3/11/04

Keywords

  • Denial-of-Service Attack
  • Overload Control
  • Security
  • Selective Packet Discarding
  • Simulations
  • System design
  • Traffic characterization

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Hardware and Architecture

Cite this

Kim, Y., Lau, W. C., Chuah, M. C., & Chao, H. J. (2004). PacketScore: Statistics-based overload control against distributed denial-of-service attacks. In IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies (Vol. 4, pp. 2594-2604). https://doi.org/10.1109/INFCOM.2004.1354679

@inproceedings{3cc3d54f62d4427d86dc5d0825fa5714,
title = "PacketScore: Statistics-based overload control against distributed denial-of-service attacks",
keywords = "Denial-of-Service Attack, Overload Control, Security, Selective Packet Discarding, Simulations, System design, Traffic characterization",
author = "Yoohwan Kim and Lau, {Wing Cheong} and Chuah, {Mooi Choo} and Chao, {H. Jonathan}",
year = "2004",
doi = "10.1109/INFCOM.2004.1354679",
language = "English (US)",
isbn = "0780383559",
volume = "4",
pages = "2594--2604",
booktitle = "IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies",

}

TY - GEN

T1 - PacketScore

T2 - Statistics-based overload control against distributed denial-of-service attacks

AU - Kim, Yoohwan

AU - Lau, Wing Cheong

AU - Chuah, Mooi Choo

AU - Chao, H. Jonathan

PY - 2004

Y1 - 2004

KW - Denial-of-Service Attack

KW - Overload Control

KW - Security

KW - Selective Packet Discarding

KW - Simulations

KW - System design

KW - Traffic characterization

UR - http://www.scopus.com/inward/record.url?scp=8344261545&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=8344261545&partnerID=8YFLogxK

U2 - 10.1109/INFCOM.2004.1354679

DO - 10.1109/INFCOM.2004.1354679

M3 - Conference contribution

SN - 0780383559

VL - 4

SP - 2594

EP - 2604

BT - IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies

ER -