Summary: Adaptive Early Packet Filtering for Defending
Firewalls against DoS Attacks
Adel El-Atawy , Ehab Al-Shaer
School of Computing
DePaul University
Chicago, Illinois, USA
Email: {aelatawy,ehab}@cs.depaul.edu
Tung Tran, Raouf Boutaba
School of Computer Science
University of Waterloo
Waterloo, Ontario, Canada
Email: {t3tran@,rboutaba@bbcr.}uwaterloo.ca
Abstract--A major threat to data networks is based on the
fact that some traffic can be expensive to classify and filter
as it will undergo a longer than average list of filtering rules
before being rejected by the default deny rule. An attacker with
some information about the access-control list (ACL) deployed
at a firewall or an intrusion detection and prevention system
(IDS/IPS) can craft packets that will have maximum cost. Most
optimizations made to current filtering techniques target the

Source: Al-Shaer, Ehab - School of Computer Science, Telecommunications and Information Systems, DePaul University

Collections: Computer Technologies and Information Sciences