PacketScore: Statistics-based overload control against distributed denial-of-service attacks

Yoohwan Kim, Wing Cheong Lau, Mooi Choo Chuah, H. Jonathan Chao

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Distributed Denial of Service (DDoS) attacks are a critical threat to the Internet. Currently, most ISPs merely rely on manual detection of DDoS attacks, after which offline fine-grain traffic analysis is performed and new filtering rules are installed manually on the routers. The need for human intervention results in poor response time and fails to protect the victim before severe damage is done. The expressiveness of existing filtering rules is also too limited and rigid when compared to the ever-evolving characteristics of the attacking packets. Recently, we have proposed a DDoS defense architecture that supports distributed detection and automated on-line attack characterization. In this paper, we focus on the design and evaluation of the automated attack characterization, selective packet discarding and overload control portion of the proposed architecture. Our key idea is to prioritize packets based on a per-packet score which estimates the legitimacy of a packet given the attribute values it carries. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation. Once the score of a packet is computed, we perform score-based selective packet discarding, where the dropping threshold is dynamically adjusted based on (1) the score distribution of recent incoming packets and (2) the current level of overload of the system.
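The following Python sketch is an added illustration of the two steps the abstract describes, not code from the paper or its authors. Each packet gets a legitimacy score from how the current frequency of each of its attribute values compares with a nominal (normal-traffic) profile, and the discard threshold is then derived from the score distribution of the recent window together with the overload level, expressed here as the ratio of forwarding capacity to window size. The three attributes, the nominal profile, the constructed packet window and the add-one smoothing are assumptions made for the example.

```python
import math
from collections import Counter

# Attributes used for scoring (assumed for this example; a real deployment
# would use many more, e.g. TCP flags, port ranges, fragment bits).
ATTRIBUTES = ("proto", "size", "ttl")

# Constructed nominal profile: per-attribute value frequencies seen during
# normal operation. These numbers are assumptions, not measurements.
NOMINAL_PROFILE = {
    "proto": {"tcp": 0.80, "udp": 0.15, "icmp": 0.05},
    "size":  {"small": 0.30, "medium": 0.40, "large": 0.30},
    "ttl":   {"low": 0.20, "mid": 0.50, "high": 0.30},
}


def build_current_profile(packets, nominal=NOMINAL_PROFILE):
    """Per-attribute value frequencies of the recent packet window, with add-one
    smoothing over the known value set so that no value has probability zero."""
    profile = {}
    n = len(packets)
    for i, attr in enumerate(ATTRIBUTES):
        counts = Counter(p[i] for p in packets)
        values = set(nominal[attr]) | set(counts)
        denom = n + len(values)
        profile[attr] = {v: (counts.get(v, 0) + 1) / denom for v in values}
    return profile


def packet_score(packet, current, nominal=NOMINAL_PROFILE):
    """Legitimacy score: sum over attributes of log(P_nominal(v) / P_current(v)).
    A value that is far more common now than normally (the flood's signature)
    pulls the score down; a value at its usual frequency contributes about 0."""
    score = 0.0
    for i, attr in enumerate(ATTRIBUTES):
        v = packet[i]
        p_nom = nominal[attr].get(v, 1e-6)  # never seen in normal traffic: treat as very rare
        score += math.log(p_nom / current[attr][v])
    return score


def choose_threshold(scores, capacity):
    """Discard threshold from the score distribution and the overload level:
    the lowest t such that at most `capacity` packets satisfy score > t.
    Packets scoring exactly t are dropped, which errs on the side of not
    exceeding capacity when many packets share one score."""
    if capacity >= len(scores):
        return -math.inf          # no overload: admit the whole window
    ranked = sorted(scores, reverse=True)
    return ranked[capacity]       # the (capacity + 1)-th highest score


def selective_discard(packets, capacity):
    """Score every packet in the window, derive the threshold, and split the
    window into admitted and discarded packets (order preserved)."""
    current = build_current_profile(packets)
    scores = [packet_score(p, current) for p in packets]
    t = choose_threshold(scores, capacity)
    admitted = [p for p, s in zip(packets, scores) if s > t]
    discarded = [p for p, s in zip(packets, scores) if s <= t]
    return admitted, discarded, t


# Constructed window: 10 varied legitimate packets plus a 30-packet flood whose
# packets all carry the same attribute values (udp, small, high ttl).
LEGIT = [
    ("tcp", "medium", "mid"), ("tcp", "large", "mid"), ("tcp", "small", "low"),
    ("tcp", "medium", "high"), ("udp", "medium", "mid"), ("tcp", "large", "high"),
    ("icmp", "small", "mid"), ("tcp", "medium", "mid"), ("tcp", "small", "mid"),
    ("udp", "large", "low"),
]
ATTACK = [("udp", "small", "high")] * 30

if __name__ == "__main__":
    window = LEGIT + ATTACK
    admitted, discarded, t = selective_discard(window, capacity=15)
    print(f"threshold={t:.3f} admitted={len(admitted)} discarded={len(discarded)}")
    current = build_current_profile(window)
    for p in LEGIT[:3] + ATTACK[:1]:
        print(p, round(packet_score(p, current), 3))
```

With a window of 40 packets and capacity for 15, the flood's shared attribute values dominate the current profile, so every flood packet scores well below every legitimate packet and the threshold lands on the flood's score: the 10 legitimate packets pass and the 30 flood packets are discarded. When capacity is at least the window size, the threshold is minus infinity and nothing is dropped. A production version would update the current profile over a sliding window, quantize scores into a lookup table as the abstract's hardware-friendliness point suggests, and break ties at the threshold probabilistically rather than dropping them all.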

Original language: English (US)
Title of host publication: IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Pages: 2594-2604
Number of pages: 11
DOIs
State: Published - 2004
Event: IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies - Hongkong, China
Duration: Mar 7 2004 to Mar 11 2004

Publication series

Name: Proceedings - IEEE INFOCOM
Volume: 4
ISSN (Print): 0743-166X

Other

Other: IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Country/Territory: China
City: Hongkong
Period: 3/7/04 to 3/11/04

Keywords

  • Denial-of-Service Attack
  • Overload Control
  • Security
  • Selective Packet Discarding
  • Simulations
  • System design
  • Traffic characterization

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering
