Title: Against Distributed Denial-of-Service Attacks
Research Question: How can we protect public-access sites like web servers and FTP servers from distributed denial-of-service (DDoS) attacks while minimizing the impact on network resources?
Methodology: The researchers proposed Active Internet Traffic Filtering (AITF), an automated mechanism for filtering malicious traffic during DDoS attacks. AITF aims to protect victims' resources by efficiently managing the "filtering capacity" of the internet. It requires a reasonable amount of resources from each participating router, such as a few thousand entries of TCAM memory and a few gigabytes of DRAM memory. AITF also requires an efficient traceback mechanism to identify the source of the attack.
Results: AITF successfully protects a significant amount of the victim's bandwidth while requiring a reasonable number of filters that can be accommodated by today's routers. The researchers identified two main challenges in using automatic filter propagation to protect the internet from DDoS attacks: managing the "filtering capacity" of the internet and preventing malicious nodes from abusing the mechanism. AITF addresses these challenges effectively.
Implications: AITF is a promising solution for protecting public-access sites from DDoS attacks. It requires minimal resources from participating routers and can efficiently manage the "filtering capacity" of the internet. However, it relies on an efficient traceback mechanism, which may have its own limitations and challenges. Further research and development are needed to improve the effectiveness and efficiency of AITF and similar mechanisms.
Link to Article: https://arxiv.org/abs/0403042v1
Authors:
arXiv ID: 0403042v1