Type of Document: Master's Thesis
Author: Nanduri, Kishori
Author's Email Address: email@example.com
URN: etd-06142005-152111
Title: Scalable Schemes against Distributed Denial of Service Attacks
Degree: Master of Science in Electrical Engineering (M.S.E.E.)
Department: Electrical & Computer Engineering
Advisory Committee:
- Ahmed A. El-Amawy, Committee Chair
- Arjan Durresi, Committee Co-Chair
- Hsiao-Chun Wu, Committee Member
Keywords:
- DDoS attacks
Date of Defense: 2005-05-18
Availability: unrestricted

Abstract

Defense against Distributed Denial of Service (DDoS) attacks is one of the primary
concerns on the Internet today. DDoS attacks are difficult to prevent because of the open,
interconnected nature of the Internet and its underlying protocols, which can be abused in several
ways to deny service. Attackers hide their identity by using third parties such as private chat
channels on IRC (Internet Relay Chat). They also insert a false return (source) IP address into
each packet (spoofing), which makes it difficult for the victim to determine the packet's origin.
We propose three novel and realistic traceback mechanisms that offer many advantages
over the existing schemes. All three schemes take advantage of the Autonomous System (AS)
topology and account for the fact that an attacker's packets may traverse a number of
domains under different administrative control. Most existing traceback mechanisms wrongly
assume that the network details of an organization under a single administrative control are
disclosed to the public. For security reasons, this is usually not the case.
The proposed schemes overcome this drawback by performing reconstruction at both the inter-AS
and intra-AS levels. Hierarchical Internet Traceback (HIT) and Simple Traceback Mechanism
(STM) trace back to an attacker in two phases: in the first phase the Autonomous System from
which the attack originates is identified, and in the second phase the attacker within that AS is
identified. Both schemes, HIT and STM, allow the victim to trace back to the attackers in a
few seconds. Their computational overhead is very low and they scale to large distributed attacks
with thousands of attackers. Fast Autonomous System Traceback allows complete attack path
reconstruction with few packets.
We use traceroute maps of real Internet topologies from CAIDA's skitter to simulate DDoS
attacks and validate our design.
Filename: Nanduri_thesis.pdf
Size: 524.51 Kb
Approximate Download Time (Hours:Minutes:Seconds):
- 28.8 Modem: 00:02:25
- 56K Modem: 00:01:14
- ISDN (64 Kb): 00:01:05
- ISDN (128 Kb): 00:00:32
- Higher-speed Access: 00:00:02