Identifying Legitimate Clients under Distributed Denial-of-Service Attacks

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Identifying Legitimate Clients under Distributed Denial-of-Service Attacks. / Simpson, Steven; Lindsay, Adam; Hutchison, David.
4th International Conference on Network and System Security (NSS), 2010. IEEE, 2010. p. 365-370.

Harvard

Simpson, S, Lindsay, A & Hutchison, D 2010, Identifying Legitimate Clients under Distributed Denial-of-Service Attacks. in 4th International Conference on Network and System Security (NSS), 2010. IEEE, pp. 365-370, 4th International Conference on Network and System Security (NSS 2010), Melbourne, Australia, 1/09/10. https://doi.org/10.1109/NSS.2010.77

APA

Simpson, S., Lindsay, A., & Hutchison, D. (2010). Identifying Legitimate Clients under Distributed Denial-of-Service Attacks. In 4th International Conference on Network and System Security (NSS), 2010 (pp. 365-370). IEEE. https://doi.org/10.1109/NSS.2010.77

Vancouver

Simpson S, Lindsay A, Hutchison D. Identifying Legitimate Clients under Distributed Denial-of-Service Attacks. In 4th International Conference on Network and System Security (NSS), 2010. IEEE. 2010. p. 365-370 doi: 10.1109/NSS.2010.77

Author

Simpson, Steven; Lindsay, Adam; Hutchison, David. / Identifying Legitimate Clients under Distributed Denial-of-Service Attacks. 4th International Conference on Network and System Security (NSS), 2010. IEEE, 2010. pp. 365-370

Bibtex

@inproceedings{85a3c85f51e447dca563cf88ebf3742b,
title = "Identifying Legitimate Clients under Distributed Denial-of-Service Attacks",
abstract = "Distributed Denial of Service (DDoS) attacks are a persistent, current, and very real threat to networks. Expanding upon a flexible distributed framework for network remediation utilising multiple strategies, we examine a novel fusion of methods to maximise throughput from legitimate clients and minimise the impact from attackers. The basic approach is to build up a whitelist of likely legitimate clients by observing outgoing traffic, presenting a challenge through proof-of-work, and providing flow cookies. Traffic that does not match the expected profile is likely attack traffic, and can be heavily filtered during attack conditions. After we incrementally develop this approach, we explore the positive and negative impacts of this approach upon the network and analyse potential countermeasures.",
keywords = "Countermeasures, DDoS, Flow cookies, Mitigation, Proof-of-work, Remediation",
author = "Steven Simpson and Adam Lindsay and David Hutchison",
year = "2010",
month = sep,
day = "1",
doi = "10.1109/NSS.2010.77",
language = "English",
isbn = "978-1-4244-8484-3",
pages = "365--370",
booktitle = "4th International Conference on Network and System Security (NSS), 2010",
publisher = "IEEE",
note = "4th International Conference on Network and System Security (NSS 2010) ; Conference date: 01-09-2010 Through 03-09-2010",

}

RIS

TY - GEN
T1 - Identifying Legitimate Clients under Distributed Denial-of-Service Attacks
AU - Simpson, Steven
AU - Lindsay, Adam
AU - Hutchison, David
PY - 2010/9/1
Y1 - 2010/9/1
N2 - Distributed Denial of Service (DDoS) attacks are a persistent, current, and very real threat to networks. Expanding upon a flexible distributed framework for network remediation utilising multiple strategies, we examine a novel fusion of methods to maximise throughput from legitimate clients and minimise the impact from attackers. The basic approach is to build up a whitelist of likely legitimate clients by observing outgoing traffic, presenting a challenge through proof-of-work, and providing flow cookies. Traffic that does not match the expected profile is likely attack traffic, and can be heavily filtered during attack conditions. After we incrementally develop this approach, we explore the positive and negative impacts of this approach upon the network and analyse potential countermeasures.
AB - Distributed Denial of Service (DDoS) attacks are a persistent, current, and very real threat to networks. Expanding upon a flexible distributed framework for network remediation utilising multiple strategies, we examine a novel fusion of methods to maximise throughput from legitimate clients and minimise the impact from attackers. The basic approach is to build up a whitelist of likely legitimate clients by observing outgoing traffic, presenting a challenge through proof-of-work, and providing flow cookies. Traffic that does not match the expected profile is likely attack traffic, and can be heavily filtered during attack conditions. After we incrementally develop this approach, we explore the positive and negative impacts of this approach upon the network and analyse potential countermeasures.
KW - Countermeasures
KW - DDoS
KW - Flow cookies
KW - Mitigation
KW - Proof-of-work
KW - Remediation
U2 - 10.1109/NSS.2010.77
DO - 10.1109/NSS.2010.77
M3 - Conference contribution/Paper
SN - 978-1-4244-8484-3
SP - 365
EP - 370
BT - 4th International Conference on Network and System Security (NSS), 2010
PB - IEEE
T2 - 4th International Conference on Network and System Security (NSS 2010)
Y2 - 1 September 2010 through 3 September 2010
ER -