Abstract
Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Recently we have proposed the PacketScore scheme, a DDoS defense architecture that supports automated attack detection, on-line attack characterization and attack blocking. Its key idea is to use a statistics-based packet scoring mechanism to distinguish between legitimate and non-legitimate packets and discard packets based on the packet scores. In order for such an approach to work, we need to perform on-line traffic characterizations, and compare such characterizations with nominal profiles (generated from past history or off-line analysis). The threshold used for the score-based selective packet discard decision is dynamically adjusted based on the score distribution of recent incoming packets. In our previous paper [Kim04], we discuss how our proposed system performs in different attack scenarios. In this paper, we first give a brief review of the PacketScore approach and further elaborate on the transient performance under varying attack types and intensities, which may be exploited in more sophisticated attacks. We then show that PacketScore is well capable of blocking such sophisticated attacks by simply adjusting the measurement window time scale to closely track the attack profile.
| Original language | English (US) |
|---|---|
| Title of host publication | IEEE International Conference on Communications |
| Pages | 1892-1896 |
| Number of pages | 5 |
| Volume | 4 |
| State | Published - 2004 |
| Event | 2004 IEEE International Conference on Communications - Paris, France Duration: Jun 20 2004 → Jun 24 2004 |
Other
| Other | 2004 IEEE International Conference on Communications |
|---|---|
| Country | France |
| City | Paris |
| Period | 6/20/04 → 6/24/04 |
Fingerprint
ASJC Scopus subject areas
- Media Technology
Cite this
Transient performance of PacketScore for blocking DDoS attacks. / Chuah, Mooi Choo; Lau, Wing Cheong; Kim, Yoohwan; Chao, H. Jonathan.
IEEE International Conference on Communications. Vol. 4 2004. p. 1892-1896.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Transient performance of PacketScore for blocking DDoS attacks
AU - Chuah, Mooi Choo
AU - Lau, Wing Cheong
AU - Kim, Yoohwan
AU - Chao, H. Jonathan
PY - 2004
Y1 - 2004
N2 - Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Recently we have proposed the PacketScore scheme, a DDoS defense architecture that supports automated attack detection, on-line attack characterization and attack blocking. Its key idea is to use a statistics-based packet scoring mechanism to distinguish between legitimate and non-legitimate packets and discard packets based on the packet scores. In order for such an approach to work, we need to perform on-line traffic characterizations, and compare such characterizations with nominal profiles (generated from past history or off-line analysis). The threshold used for the score-based selective packet discard decision is dynamically adjusted based on the score distribution of recent incoming packets. In our previous paper [Kim04], we discuss how our proposed system performs in different attack scenarios. In this paper, we first give a brief review of the PacketScore approach and further elaborate on the transient performance under varying attack types and intensities, which may be exploited in more sophisticated attacks. We then show that PacketScore is well capable of blocking such sophisticated attacks by simply adjusting the measurement window time scale to closely track the attack profile.
AB - Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Recently we have proposed the PacketScore scheme, a DDoS defense architecture that supports automated attack detection, on-line attack characterization and attack blocking. Its key idea is to use a statistics-based packet scoring mechanism to distinguish between legitimate and non-legitimate packets and discard packets based on the packet scores. In order for such an approach to work, we need to perform on-line traffic characterizations, and compare such characterizations with nominal profiles (generated from past history or off-line analysis). The threshold used for the score-based selective packet discard decision is dynamically adjusted based on the score distribution of recent incoming packets. In our previous paper [Kim04], we discuss how our proposed system performs in different attack scenarios. In this paper, we first give a brief review of the PacketScore approach and further elaborate on the transient performance under varying attack types and intensities, which may be exploited in more sophisticated attacks. We then show that PacketScore is well capable of blocking such sophisticated attacks by simply adjusting the measurement window time scale to closely track the attack profile.
UR - http://www.scopus.com/inward/record.url?scp=4143080368&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=4143080368&partnerID=8YFLogxK
M3 - Conference contribution
VL - 4
SP - 1892
EP - 1896
BT - IEEE International Conference on Communications
ER -