An Approach to Counteract Distributed Denial of Service Attacks

U.K. Tupakula, V. Varadharajan, and M. Hofman (Australia)


Distributed Denial of Service, DDoS, Packet marking, Controller-Agent model, Broad Attack Signatures.


In this paper, we propose a Controller-Agent model that would greatly minimize Distributed Denial of Service (DDoS) attacks on the Internet. With a new packet marking technique and agent design, our scheme is able to identify the approximate source of an attack (the nearest router) with a single packet, even when the attack uses spoofed source addresses. Our scheme is invoked only during attack times, processes the victim's traffic separately without disturbing other traffic, establishes different attack signatures for different attacking sources, prevents the attack traffic at the router nearest to the attacking system, has a high response time, is simple to implement, and can be incrementally deployed. Hence we believe that the scheme proposed in this paper is a promising approach to preventing distributed denial of service attacks.

