PacketScore: Statistics-based overload control against distributed denial-of-service attacks

Yoohwan Kim; Wing Cheong Lau; Mooi Choo Chuah; H. Jonathan Chao

doi:10.1109/INFCOM.2004.1354679

PacketScore: Statistics-based overload control against distributed denial-of-service attacks

Yoohwan Kim, Wing Cheong Lau, Mooi Choo Chuah, H. Jonathan Chao

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Currently, most ISPs merely rely on manual detection of DDoS attacks after which offline fine-grain traffic analysis is performed and new filtering rules are installed manually to the routers. The need of human intervention results in poor response time and fails to protect the victim before severe damages are realized. The expressiveness of existing filtering rules is also too limited and rigid when compared to the ever-evolving characteristics of the attacking packets. Recently, we have proposed a DDoS defense architecture that supports distributed detection and automated on-line attack characterization. In this paper, we will focus on the design and evaluation of the automated attack characterization, selective packet discarding and overload control portion of the proposed architecture. Our key idea is to prioritize packets based on a per-packet score which estimates the legitimacy of a packet given the attribute values it carries. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation. Once the score of a packet is computed, we perform score-based selective packet discarding where the dropping threshold is dynamically adjusted based on (1) the score distribution of recent incoming packets and (2) the current level of overload of the system.

Original language	English (US)
Title of host publication	IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Pages	2594-2604
Number of pages	11
DOIs	https://doi.org/10.1109/INFCOM.2004.1354679
State	Published - 2004
Event	IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies - Hongkong, China Duration: Mar 7 2004 → Mar 11 2004

Publication series

Name	Proceedings - IEEE INFOCOM
Volume	4
ISSN (Print)	0743-166X

Other

Other	IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies
Country/Territory	China
City	Hongkong
Period	3/7/04 → 3/11/04

Keywords

Denial-of-Service Attack
Overload Control
Security
Selective Packet Discarding
Simulations
System design
Traffic characterization

ASJC Scopus subject areas

Computer Science(all)
Electrical and Electronic Engineering

Access to Document

10.1109/INFCOM.2004.1354679

Cite this

Kim, Y., Lau, W. C., Chuah, M. C., & Chao, H. J. (2004). PacketScore: Statistics-based overload control against distributed denial-of-service attacks. In IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies (pp. 2594-2604). (Proceedings - IEEE INFOCOM; Vol. 4). https://doi.org/10.1109/INFCOM.2004.1354679

PacketScore: Statistics-based overload control against distributed denial-of-service attacks. / Kim, Yoohwan; Lau, Wing Cheong; Chuah, Mooi Choo et al.
IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies. 2004. p. 2594-2604 (Proceedings - IEEE INFOCOM; Vol. 4).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kim, Y, Lau, WC, Chuah, MC & Chao, HJ 2004, PacketScore: Statistics-based overload control against distributed denial-of-service attacks. in IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings - IEEE INFOCOM, vol. 4, pp. 2594-2604, IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies, Hongkong, China, 3/7/04. https://doi.org/10.1109/INFCOM.2004.1354679

@inproceedings{3cc3d54f62d4427d86dc5d0825fa5714,

title = "PacketScore: Statistics-based overload control against distributed denial-of-service attacks",

abstract = "Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Currently, most ISPs merely rely on manual detection of DDoS attacks after which offline fine-grain traffic analysis is performed and new filtering rules are installed manually to the routers. The need of human intervention results in poor response time and fails to protect the victim before severe damages are realized. The expressiveness of existing filtering rules is also too limited and rigid when compared to the ever-evolving characteristics of the attacking packets. Recently, we have proposed a DDoS defense architecture that supports distributed detection and automated on-line attack characterization. In this paper, we will focus on the design and evaluation of the automated attack characterization, selective packet discarding and overload control portion of the proposed architecture. Our key idea is to prioritize packets based on a per-packet score which estimates the legitimacy of a packet given the attribute values it carries. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation. Once the score of a packet is computed, we perform score-based selective packet discarding where the dropping threshold is dynamically adjusted based on (1) the score distribution of recent incoming packets and (2) the current level of overload of the system.",

keywords = "Denial-of-Service Attack, Overload Control, Security, Selective Packet Discarding, Simulations, System design, Traffic characterization",

author = "Yoohwan Kim and Lau, {Wing Cheong} and Chuah, {Mooi Choo} and Chao, {H. Jonathan}",

year = "2004",

doi = "10.1109/INFCOM.2004.1354679",

language = "English (US)",

isbn = "0780383559",

series = "Proceedings - IEEE INFOCOM",

pages = "2594--2604",

booktitle = "IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies",

note = "IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies ; Conference date: 07-03-2004 Through 11-03-2004",

}

TY - GEN

T1 - PacketScore

T2 - IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies

AU - Kim, Yoohwan

AU - Lau, Wing Cheong

AU - Chuah, Mooi Choo

AU - Chao, H. Jonathan

PY - 2004

Y1 - 2004

N2 - Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Currently, most ISPs merely rely on manual detection of DDoS attacks after which offline fine-grain traffic analysis is performed and new filtering rules are installed manually to the routers. The need of human intervention results in poor response time and fails to protect the victim before severe damages are realized. The expressiveness of existing filtering rules is also too limited and rigid when compared to the ever-evolving characteristics of the attacking packets. Recently, we have proposed a DDoS defense architecture that supports distributed detection and automated on-line attack characterization. In this paper, we will focus on the design and evaluation of the automated attack characterization, selective packet discarding and overload control portion of the proposed architecture. Our key idea is to prioritize packets based on a per-packet score which estimates the legitimacy of a packet given the attribute values it carries. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation. Once the score of a packet is computed, we perform score-based selective packet discarding where the dropping threshold is dynamically adjusted based on (1) the score distribution of recent incoming packets and (2) the current level of overload of the system.

AB - Distributed Denial of Service (DDoS) attack is a critical threat to the Internet. Currently, most ISPs merely rely on manual detection of DDoS attacks after which offline fine-grain traffic analysis is performed and new filtering rules are installed manually to the routers. The need of human intervention results in poor response time and fails to protect the victim before severe damages are realized. The expressiveness of existing filtering rules is also too limited and rigid when compared to the ever-evolving characteristics of the attacking packets. Recently, we have proposed a DDoS defense architecture that supports distributed detection and automated on-line attack characterization. In this paper, we will focus on the design and evaluation of the automated attack characterization, selective packet discarding and overload control portion of the proposed architecture. Our key idea is to prioritize packets based on a per-packet score which estimates the legitimacy of a packet given the attribute values it carries. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation. Once the score of a packet is computed, we perform score-based selective packet discarding where the dropping threshold is dynamically adjusted based on (1) the score distribution of recent incoming packets and (2) the current level of overload of the system.

KW - Denial-of-Service Attack

KW - Overload Control

KW - Security

KW - Selective Packet Discarding

KW - Simulations

KW - System design

KW - Traffic characterization

UR - http://www.scopus.com/inward/record.url?scp=8344261545&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=8344261545&partnerID=8YFLogxK

U2 - 10.1109/INFCOM.2004.1354679

DO - 10.1109/INFCOM.2004.1354679

M3 - Conference contribution

AN - SCOPUS:8344261545

SN - 0780383559

T3 - Proceedings - IEEE INFOCOM

SP - 2594

EP - 2604

BT - IEEE INFOCOM 2004 - Conference on Computer Communications - Twenty-Third Annual Joint Conference of the IEEE Computer and Communications Societies

Y2 - 7 March 2004 through 11 March 2004

ER -

PacketScore: Statistics-based overload control against distributed denial-of-service attacks

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this