Transient performance of PacketScore for blocking DDoS attacks

Mooi Choo Chuah, Wing Cheong Lau, Yoohwan Kim, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Recently we have proposed the PacketScore scheme, a DDoS defense architecture that supports automated attack detection, on-line attack characterization and attack blocking. Its key idea is to use a statistics-based packet scoring mechanism to distinguish between legitimate and non-legitimate packets and discard packets based on the packet scores. In order for such an approach to work, we need to perform on-line traffic characterizations, and compare such characterizations with nominal profiles (generated from past history or off-line analysis). The threshold used for the score-based selective packet discard decision is dynamically adjusted based on the score distribution of recent incoming packets. In our previous paper [Kim04], we discuss how our proposed system performs in different attack scenarios. In this paper, we first give a brief review of the PacketScore approach and further elaborate on the transient performance under varying attack types and intensities, which may be exploited in more sophisticated attacks. We then show that PacketScore is well capable of blocking such sophisticated attacks by simply adjusting the measurement window time scale to closely track the attack profile.

Original language: English (US)
Title of host publication: IEEE International Conference on Communications
Pages: 1892-1896
Number of pages: 5
Volume: 4
State: Published - 2004
Event: 2004 IEEE International Conference on Communications - Paris, France
Duration: Jun 20 2004 → Jun 24 2004

Other

Other: 2004 IEEE International Conference on Communications
Country: France
City: Paris
Period: 6/20/04 → 6/24/04

Fingerprint

Statistics
Internet
Denial-of-service attack

ASJC Scopus subject areas

  • Media Technology

Cite this

Chuah, M. C., Lau, W. C., Kim, Y., & Chao, H. J. (2004). Transient performance of PacketScore for blocking DDoS attacks. In IEEE International Conference on Communications (Vol. 4, pp. 1892-1896)

@inproceedings{24ece18322e24051a26c905920251967,
title = "Transient performance of PacketScore for blocking DDoS attacks",
author = "Chuah, {Mooi Choo} and Lau, {Wing Cheong} and Yoohwan Kim and Chao, {H. Jonathan}",
year = "2004",
language = "English (US)",
volume = "4",
pages = "1892--1896",
booktitle = "IEEE International Conference on Communications",

}

TY - GEN

T1 - Transient performance of PacketScore for blocking DDoS attacks

AU - Chuah, Mooi Choo

AU - Lau, Wing Cheong

AU - Kim, Yoohwan

AU - Chao, H. Jonathan

PY - 2004

Y1 - 2004

UR - http://www.scopus.com/inward/record.url?scp=4143080368&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4143080368&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:4143080368

VL - 4

SP - 1892

EP - 1896

BT - IEEE International Conference on Communications

ER -