By Topic

Neighbor stranger discrimination: a new defense mechanism against Internet DDOS attacks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
S. Itani ; Dept. of Electr. & Comput. Eng., American Univ. of Beirut, Lebanon ; N. Aaraj ; D. Abdelahad ; A. Kayssi

Summary form only given. Distributed Denials of Service (DDoS) attacks have become a real threat to the security of the Internet. Defending against DDoS is a challenging job, due to the use of IP spoofing and the destination-based routing of the Internet. Many solutions have been proposed, but none is able to completely stop an intense attack. In this paper, we propose a new defense mechanism, neighbor stranger discrimination (NSD), which is capable of stopping or significantly reducing the intensity of a DDoS attack. NSD can be incrementally deployed and satisfactory results are achieved even when it is implemented on a small percentage, 10% to 20%, of the Internet routers. The overhead of installing NSD on a certain router is low in terms of additional storage and processing load. Unlike other defense strategies, NSD produces no false positives while reducing false negatives. Being router-based, NSD also stops reflected DDoS attacks (RDDoS) since it discards the spoofed packets before they reach the reflectors.

Published in:

The 3rd ACS/IEEE International Conference onComputer Systems and Applications, 2005.

Date of Conference: