Cart (Loading....) | Create Account
Close category search window

Eagle Eyes: Protocol Independent Packet Marking Scheme to Filter Attack Packets and Reduce Collateral Damage During Flooding Based DoS and DDoS Attacks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
2 Author(s)
Saurabh, S. ; Dept. of Comput. Sci., Indian Inst. of Technol. Patna, Patna, India ; Sairam, A.S.

Defences against Denial and Distributed Denial of Service (DDoS) attacks commonly responds to flooding by dropping excess traffic. Such rate limiting schemes drop all excess-traffic when the request arrival rate goes above a certain empirically calculated threshold. Flooding based DoS/DDoS attacks like TCP SYN Attack does not exhibit any special signature except that their arrival-rate is high enough to overwhelm the victim. Hence it is very difficult to differentiate between legitimate and attack traffic as they share the same signature. As a result, rate limiting schemes cause heavy collateral damage by dropping out legitimate traffic [15]. In this paper we propose a novel packet marking mechanism which not only mitigates DoS/DDoS attacks by filtering but also reduces collateral damage significantly by selectively dropping attack packets based on its packet mark while allowing the legitimate traffic to be processed smoothly. Our packet mark contains fingerprint of the path in each single packet which allows us in identifying attack packets coming from various sources even in case of IP spoofing. Our scheme does not require any protocol specific knowledge and can generically filter out attack packets for all kinds of flooding attacks. We have extensively evaluated our packet marking scheme. Results show effectiveness of our scheme in filtering attack traffic. Our scheme inflicts extremely low collateral damage to legitimate traffic while quickly detecting and selectively filtering attack traffic.

Published in:

Computer and Communication Technology (ICCCT), 2012 Third International Conference on

Date of Conference:

23-25 Nov. 2012

Need Help?

IEEE Advancing Technology for Humanity About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2014 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.