Summary: IEEE COMMUNICATIONS LETTERS, VOL. 10, NO. 11, NOVEMBER 2006 793
Differentiating Malicious DDoS Attack Traffic from Normal TCP Flows by Proactive Tests
Zhiqiang Gao, Member, IEEE, and Nirwan Ansari, Senior Member, IEEE
Abstract-- To defend against distributed denial of service
(DDoS) attacks, one critical issue is to effectively isolate the attack
traffic from normal traffic. A novel DDoS defense scheme based
on TCP is proposed here because TCP is the dominant traffic
for both the normal and lethal flows in the Internet. Unlike
most of the previous DDoS defense schemes that are passive in
nature, the proposal uses proactive tests to identify and isolate
the malicious traffic. Simulation results validate the effectiveness
of our proposed scheme.
Index Terms-- DDoS defense, proactive test, TCP.
I. INTRODUCTION
DISTRIBUTED denial of service (DDoS) attacks are
probably the most ferocious threats to the integrity of
the Internet. It is well known that it is rather easy to launch,
but difficult to defend against, a DDoS attack. The underlying
reasons include (1) IP spoofing; (2) the distributed nature