Sciweavers

USS
2008

Proactive Surge Protection: A Defense Mechanism for Bandwidth-Based Attacks

14 years 2 months ago
Proactive Surge Protection: A Defense Mechanism for Bandwidth-Based Attacks
Large-scale bandwidth-based distributed denial-of-service (DDoS) attacks can quickly knock out substantial parts of a network before reactive defenses can respond. Even traffic flows that are not under direct attack can suffer significant collateral damage if these flows pass through links that are common to attack routes. Given the existence today of large botnets with more than a hundred thousand bots, the potential for a large-scale coordinated attack exists, especially given the prevalence of high-speed Internet access. This paper presents a Proactive Surge Protection (PSP) mechanism that aims to provide a broad first line of defense against DDoS attacks. The approach aims to minimize collateral damage by providing bandwidth isolation between traffic flows. This isolation is achieved through a combination of traffic measurements, bandwidth allocation of network resources, metering and tagging of packets at the network perimeter, and preferential dropping of packets inside the netwo...
Jerry Chi-Yuan Chou, Bill Lin, Subhabrata Sen, Oli
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USS
Authors Jerry Chi-Yuan Chou, Bill Lin, Subhabrata Sen, Oliver Spatscheck
Comments (0)