Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - Identifying Legitimate Clients under Distributed Denial-of-Service Attacks
AU - Simpson, Steven
AU - Lindsay, Adam
AU - Hutchison, David
PY - 2010/9/1
Y1 - 2010/9/1
N2 - Distributed Denial of Service (DDoS) attacks are a persistent, current, and very real threat to networks. Expanding upon a flexible distributed framework for network remediation utilising multiple strategies, we examine a novel fusion of methods to maximise throughput from legitimate clients and minimise the impact from attackers. The basic approach is to build up a whitelist of likely legitimate clients by observing outgoing traffic, presenting a challenge through proof-of-work, and providing flow cookies. Traffic that does not match the expected profile is likely attack traffic, and can be heavily filtered during attack conditions. After we incrementally develop this approach, we explore the positive and negative impacts of this approach upon the network and analyse potential countermeasures.
AB - Distributed Denial of Service (DDoS) attacks are a persistent, current, and very real threat to networks. Expanding upon a flexible distributed framework for network remediation utilising multiple strategies, we examine a novel fusion of methods to maximise throughput from legitimate clients and minimise the impact from attackers. The basic approach is to build up a whitelist of likely legitimate clients by observing outgoing traffic, presenting a challenge through proof-of-work, and providing flow cookies. Traffic that does not match the expected profile is likely attack traffic, and can be heavily filtered during attack conditions. After we incrementally develop this approach, we explore the positive and negative impacts of this approach upon the network and analyse potential countermeasures.
KW - Countermeasures
KW - DDoS
KW - Flow cookies
KW - Mitigation
KW - Proof-of-work
KW - Remediation
U2 - 10.1109/NSS.2010.77
DO - 10.1109/NSS.2010.77
M3 - Conference contribution/Paper
SN - 978-1-4244-8484-3
SP - 365
EP - 370
BT - 4th International Conference on Network and System Security (NSS), 2010
PB - IEEE
T2 - 4th International Conference on Network and System Security (NSS 2010)
Y2 - 1 September 2010 through 3 September 2010
ER -