Against Distributed Denial-of-Service Attacks
Title: Against Distributed Denial-of-Service Attacks
Research Question: How can we protect public-access sites from highly distributed denial-of-service (DDoS) attacks while efficiently managing the available filtering resources?
Methodology: The researchers proposed Active Internet Traffic Filtering (AITF), a mechanism that protects public-access sites from DDoS attacks by causing undesired traffic to be blocked as close as possible to its sources. They identified filters as a scarce resource and showed that AITF protects a significant amount of the victim's bandwidth, while requiring from each participating router a number of filters that can be accommodated by today's routers.
Results: The study found that AITF is incrementally deployable, offering substantial benefits to the first sites that deploy it. The researchers demonstrated that AITF can effectively block attack traffic from a large number of sources, while minimizing the impact on legitimate traffic.
Implications: The implementation of AITF can significantly enhance the security of public-access sites against DDoS attacks. By causing undesired traffic to be blocked as close as possible to its sources, AITF efficiently utilizes the available filtering resources and minimizes the impact on legitimate traffic. This makes it an attractive solution for protecting critical online services from highly distributed and sophisticated attacks.
Link to Article: https://arxiv.org/abs/0403042v2 Authors: arXiv ID: 0403042v2