Presentation | 2011-12-16 Overlay Based, Distributed Defense-Framework against DDoS Attacks Mohamad EID, Hitoshi AIDA, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | The World Wide Web plays vital roles in our daily lives. But cyber-attackers abuse this vitality by threatening web servers. DDoS attacks (distributed denial of service) remain as one of the major threats for web servers despite of the continuous protection efforts. Recently, high level DDoS attacks (targeting the application level) could successfully affect several high profile web services. A defense framework that can stop all levels of DDoS attacks is required. High level DDoS attack traffic can't be easily detected, since the request comes from a real host and asks for a real resource from the server's application. In this paper, possible high level attack scenarios are classified into; preventable, detectable, and non-detectable. Afterwards, our previously proposed overlay based, distributed defense-framework against DDoS Attacks is presented. The proposed framework is capable of preventing low level attacks from affecting the server. Additional countermeasures are also introduced that can help eliminate a large portion of the possible high level attack strategies. Preliminary tests on the implemented prototype under high level attacks show that the new AN countermeasures serves as a practical response mechanism to the detectable category, besides its facilitating their detection. Even for the non-detectable attacks class, the introduced countermeasures throttles down the attackers' achievable rate given the same resources thus raise the bar on them. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Denial-of-service-attacks / high level attacks / information security / intrusion detection |
Paper # | IA2011-51 |
Date of Issue |
Conference Information | |
Committee | IA |
---|---|
Conference Date | 2011/12/8(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Internet Architecture(IA) |
---|---|
Language | ENG |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Overlay Based, Distributed Defense-Framework against DDoS Attacks |
Sub Title (in English) | |
Keyword(1) | Denial-of-service-attacks |
Keyword(2) | high level attacks |
Keyword(3) | information security |
Keyword(4) | intrusion detection |
1st Author's Name | Mohamad EID |
1st Author's Affiliation | Graduate School of Engineering, The University of Tokyo() |
2nd Author's Name | Hitoshi AIDA |
2nd Author's Affiliation | Graduate School of Engineering, The University of Tokyo |
Date | 2011-12-16 |
Paper # | IA2011-51 |
Volume (vol) | vol.111 |
Number (no) | 347 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |