A taxonomy of ddos attacks and ddos defense mechanisms abstract 1

jjggi - Administrator

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

12 pages

English

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

Informations
Extrait

Informations

Publié par	jjggi
Nombre de lectures	284
Langue	English

Extrait

ATaxonomyofDDoSAttacksandDDoSDefenseMechanisms JelenaMirkovic,JaniceMartinandPeterReiher ComputerScienceDepartment UniversityofCalifornia,LosAngeles Technicalreport#020018

Abstract Thispaperproposesataxonomyofdistributeddenial-of-serviceattacksandataxonomyofthedefensemechanisms thatstrivetocountertheseattacks.Theattacktaxonomyis illustratedusingbothknownandpotentialattackmechanisms. Alongwiththisclassificationwediscussimportantfeaturesof eachattackcategorythatinturndefinethechallenges involvedincombatingthesethreats.Thedefensesystem taxonomyisillustratedusingonlythecurrentlyknown approaches.Thegoalofthepaperistoimposesomeorderinto themultitudeofexistingattackanddefensemechanismsthat wouldleadtoabetterunderstandingofchallengesinthe distributeddenial-of-servicefield.

1.Introduction Distributeddenial-of-serviceattacks(DDoS)pose animmensethreattotheInternet,and consequentlymanydefensemechanismshavebeen proposedtocombatthem.Attackersconstantly modifytheirtoolstobypassthesesecuritysystems, andresearchersinturnmodifytheirapproachesto handlenewattacks.TheDDoSfieldisevolving quickly,anditisbecomingincreasinglyhardto graspaglobalviewoftheproblem.Thispaper strivestointroducesomestructuretotheDDoS fieldbydevelopingataxonomyofDDoSattacks andDDoSdefensesystems.Thegoalofthepaper istohighlighttheimportantfeaturesofbothattack andsecuritymechanismsandstimulatediscussions thatmightleadtoabetterunderstandingofthe DDoSproblem. Theproposedtaxonomiesarecompleteinthe followingsense:theattacktaxonomycovers knownattacksandalsothosethathavenot currentlyappearedbutarepotentialthreatsthat wouldaffectcurrentdefensemechanisms;the defensesystemstaxonomycoversnotonly publishedapproachesbutalsosomecommercial approachesthataresufficientlydocumentedtobe analyzed.Alongwithclassification,weemphasize importantfeaturesofeachattackordefensesystem category,andproviderepresentativeexamplesof existingmechanisms.Thispaperdoesnotpropose

oradvocateanyspecificDDoSdefense mechanism.Eventhoughsomesectionsmight pointoutvulnerabilitiesofcertainclassesof defensesystems,ourpurposeisnottocriticizebut todrawattentiontotheseproblemssothatthey mightbesolved.

Followingthisintroduction,thepaperisorganized asfollows.Section2investigatestheproblemof DDoSattacks,andSection3proposestheir taxonomy;Section4proposesataxonomyof DDoSdefensesystems.Section5providesan overviewofrelatedworkandSection6concludes thepaper.

2.DDoSAttackOverview Adenial-of-serviceattackischaracterizedbyan explicitattemptbyattackerstopreventlegitimate usersofaservicefromusingthatservice[1].A distributeddenial-of-serviceattackdeploys multiplemachinestoattainthisgoal.Theserviceis deniedbysendingastreamofpacketstoavictim thateitherconsumessomekeyresource,thus renderingitunavailabletolegitimateclients,or providestheattackerwithunlimitedaccesstothe victimmachinesohecaninflictarbitrarydamage. Thissectionwillanswerthefollowingquestions: 1.le?ssibStaDoDsopatkcWhmatesak 2.?urccwdoHoaesehtoskcatt 3.r?ytdhoecyuoWch 2.1.InternetArchitecture TheInternetwasdesignedwithfunctionality,not security,inmind,anditwasindeedverysuccessful inreachingthisgoal.Itoffersitsparticipantsfast, easyandcheapcommunicationmechanisms, enforcedwithvarioushigher-levelprotocolsthat ensurereliableortimelydeliveryofmessagesora certainlevelofqualityofservice.Internetdesign followstheend-to-endparadigm:communicating endhostsdeploycomplexfunctionalitiesto achievedesiredserviceguarantees,whilethe intermediatenetworkprovidesthebare-minimum, best-effortservice.TheInternetismanagedina