{"title":"You can run, but you can't hide: an effective methodology to traceback DDoS attackers","authors":"K. Law, John C.S. Lui, David K. Y. Yau","doi":"10.1109/MASCOT.2002.1167105","DOIUrl":null,"url":null,"abstract":"With the increase of sophistication and severity of DDoS (distributed denial of service) attack, it is important for a victim site to quickly identify the potential attackers and eliminate their traffic. Our work is based on the probabilistic marking algorithm by Savage et al. (2000) in which an attack graph can be constructed by a victim site. We extend the concept further such that we can deduce the local traffic rate of each router in the attack graph based on the received marked packets. Given the intensities of these local traffic rates, we can eliminate these attackers from sending high volumes of traffic to a victim site. More importantly, we propose a theoretical method to determine the minimum stable time t/sub min/, which is the minimum time it takes to accurately determine the local traffic rate of every participating router in the attack graph.","PeriodicalId":384900,"journal":{"name":"Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems","volume":"42 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2002-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MASCOT.2002.1167105","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 15
Abstract
With the increase of sophistication and severity of DDoS (distributed denial of service) attack, it is important for a victim site to quickly identify the potential attackers and eliminate their traffic. Our work is based on the probabilistic marking algorithm by Savage et al. (2000) in which an attack graph can be constructed by a victim site. We extend the concept further such that we can deduce the local traffic rate of each router in the attack graph based on the received marked packets. Given the intensities of these local traffic rates, we can eliminate these attackers from sending high volumes of traffic to a victim site. More importantly, we propose a theoretical method to determine the minimum stable time t/sub min/, which is the minimum time it takes to accurately determine the local traffic rate of every participating router in the attack graph.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
