Discriminating Defense Against DDoS Attacks; a Novel Approach

A recent paper (circa 2020) by Osterwile et al., entitled "21 Years of Distributed Denial of Service: A Call to Action", states: "We are falling behind in the war against distributed denial-of-service attacks. Unless we act now, the future of the Internet could be at stake." And...

Full description

Saved in:
Bibliographic Details
Published inarXiv.org
Main Author Minsky, Naftaly H
Format Paper
LanguageEnglish
Published Ithaca Cornell University Library, arXiv.org 28.01.2022
Subjects
Criteria
Denial of service attacks
Messages
Routers
Security management
Online AccessGet full text

Cover

More Information
Summary:A recent paper (circa 2020) by Osterwile et al., entitled "21 Years of Distributed Denial of Service: A Call to Action", states: "We are falling behind in the war against distributed denial-of-service attacks. Unless we act now, the future of the Internet could be at stake." And an earlier (circa 2007) paper by Peng et al. states: "a key challenge for the defense [against DDoS attacks] is how to discriminate legitimate requests for service from malicious access attempts." This challenge has not been met yet, which is, arguably, a major reason for the dire situation described by Osterwile et al. -- thirteen years later. This paper attempts to meet an approximation to this challenge, by enabling a a site to define the kind of messages that it considers important, and by introducing an unambiguous criterion of discrimination between messages that a given site considers important, and all other messages sent to it. Two anti-DDoS mechanisms based on this criterion are introduced in this paper. One of these relies on lightweight support by routers; and the other one does not.
ISSN:2331-8422