{"title":"On the effectiveness of DDoS attacks on statistical filtering","authors":"Qiming Li, E. Chang, M. Chan","doi":"10.1109/INFCOM.2005.1498362","DOIUrl":null,"url":null,"abstract":"Distributed denial of service (DDoS) attacks pose a serious threat to service availability of the victim network by severely degrading its performance. Recently, there has been significant interest in the use of statistical-based filtering to defend against and mitigate the effect of DDoS attacks. Under this approach, packet statistics are monitored to classify normal and abnormal behaviour. Under attack, packets that are classified as abnormal are dropped by the filter that guards the victim network. We study the effectiveness of DDoS attacks on such statistical-based filtering in a general context where the attackers are \"smart\". We first give an optimal policy for the filter when the statistical behaviours of both the attackers and the filter are static. We next consider cases where both the attacker and the filter can dynamically change their behaviour, possibly depending on the perceived behaviour of the other party. We observe that while an adaptive filter can effectively defend against a static attacker, the filter can perform much worse if the attacker is more dynamic than perceived.","PeriodicalId":20482,"journal":{"name":"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.","volume":"24 1","pages":"1373-1383 vol. 2"},"PeriodicalIF":0.0000,"publicationDate":"2005-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"59","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFCOM.2005.1498362","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 59
Abstract
Distributed denial of service (DDoS) attacks pose a serious threat to service availability of the victim network by severely degrading its performance. Recently, there has been significant interest in the use of statistical-based filtering to defend against and mitigate the effect of DDoS attacks. Under this approach, packet statistics are monitored to classify normal and abnormal behaviour. Under attack, packets that are classified as abnormal are dropped by the filter that guards the victim network. We study the effectiveness of DDoS attacks on such statistical-based filtering in a general context where the attackers are "smart". We first give an optimal policy for the filter when the statistical behaviours of both the attackers and the filter are static. We next consider cases where both the attacker and the filter can dynamically change their behaviour, possibly depending on the perceived behaviour of the other party. We observe that while an adaptive filter can effectively defend against a static attacker, the filter can perform much worse if the attacker is more dynamic than perceived.
分布式拒绝服务攻击(Distributed denial of service, DDoS)通过严重降低受害网络的性能,严重威胁到受害网络的服务可用性。最近,人们对使用基于统计的过滤来防御和减轻DDoS攻击的影响非常感兴趣。在这种方法下,数据包统计数据被监控以区分正常和异常行为。受到攻击时,保护受害网络的过滤器会丢弃被分类为异常的报文。我们在攻击者“聪明”的一般情况下研究DDoS攻击对这种基于统计的过滤的有效性。当攻击者和过滤器的统计行为都是静态时,我们首先给出了过滤器的最优策略。接下来,我们考虑攻击者和过滤器都可以动态改变其行为的情况,可能取决于另一方的感知行为。我们观察到,虽然自适应过滤器可以有效地防御静态攻击者,但如果攻击者比感知到的更动态,过滤器的性能会差得多。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
