Skip to Main Content
Denial-of-service (DoS) attacks exploit a very fundamental fact that the computation and bandwidth resources of their targets are limited. When the attackers generate large volume of useless packets to deplete the available resources of the targets, the targets are unable to accommodate the legitimate service requests. This paper proposes a firewall mechanism that tries to filter off the malicious packets when the protected network is under DoS attacks. The idea is to judge the legitimacy status of each incoming packet from its source address in a statistical way. The scheme utilizes the traffic intensity difference between the legitimate users and the malicious attackers to make this determination in real time. The proposed firewall mechanism can be used to protect both wired and wireless networks.
Vehicular Technology Conference, 2004. VTC2004-Fall. 2004 IEEE 60th (Volume:5 )
Date of Conference: 26-29 Sept. 2004