Please use this identifier to cite or link to this item: http://hdl.handle.net/1783.1/5781

A distributed scheme to detect and defend against distributed denial of service attacks

Authors Li, Chi-Pan
Issue Date 2003
Summary Distributed denial of service (DDoS) attacks present a serious threat to the Internet. They exhaust the critical resources at a target by engaging the power of a large number of compromised Internet hosts and hence deny services to legitimate clients. The current Internet infrastructure is vulnerable to DDoS attacks since it has no built-in attack defense mechanisms. This thesis investigates effective methods that can be practically deployed in the Internet for detection and defense against DDoS attacks. We propose a distributed scheme that can mitigate the damage caused by DDoS through a coordinated detection and response framework. The proposed scheme is composed of a number of heterogeneous defense systems which cooperatively protect Internet servers. To evaluate the effectiveness of the proposed scheme, a prototype has been implemented, and a large network testbed has been constructed for carrying out experimental studies using real server machines and attack tools. The performance results show that, compared to three other existing schemes, the proposed scheme greatly improves the throughput of legitimate traffic during an attack while effectively suppressing the attack traffic to an insignificant level. More importantly, our scheme works reasonably well even in a partial deployment environment.
Note Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2003
Language English
Format Thesis
Copyrighted to the author. Reproduction is prohibited without the author’s prior written consent.