A Three-Layer Defense Mechanism Based on WEB Servers Against Distributed Denial of Service Attacks

2 Author(s)
Zhijun Wu ; Tianjin Key Lab for Adv. Signal Process., Civil Aviation Univ. of China, Tianjin ; Zhifeng Chen

It is widely recognized that distributed denial of service (DDoS) attacks can disrupt Web services and cause large revenue losses. However, effective defenses remain mostly unavailable. We design a novel DDoS security mechanism: a three-layer defense mechanism based on Web servers. Drawing on the characteristics of Web server traffic and following the TCP/IP reference model, it applies statistical filtering and traffic limiting at the network, transport and application layers to filter out illegitimate traffic and secure the passage of normal traffic. A majority of the illegitimate traffic is filtered at the network layer by the SHCF (simplified hop count filtering) algorithm. The rest of the illegitimate traffic is filtered at the transport layer by the SYN proxy firewall algorithm. Traffic limiting is used at the application layer against DDoS attacks that use legitimate IP addresses. Through the collaborative defense of the three layers, the availability of Web services can be sustained under DDoS attacks. The defense mechanism is implemented and tested inside the Linux kernel. The results indicate that the three-layer defense mechanism can defend against DDoS attacks effectively.

Published in:

Communications and Networking in China, 2006. ChinaCom '06. First International Conference on

Date of Conference:

25-27 Oct. 2006
