A taxonomy of ddos attacks and ddos defense mechanisms abstract 1

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms
Jelena Mirkovic, Janice Martin and Peter Reiher
Computer Science Department
University of California, Los Angeles
Technical report #020018

Abstract

This paper proposes a taxonomy of distributed denial-of-service attacks and a taxonomy of the defense mechanisms that strive to counter these attacks. The attack taxonomy is illustrated using both known and potential attack mechanisms. Along with this classification we discuss important features of each attack category that in turn define the challenges involved in combating these threats. The defense system taxonomy is illustrated using only the currently known approaches. The goal of the paper is to impose some order into the multitude of existing attack and defense mechanisms that would lead to a better understanding of challenges in the distributed denial-of-service field.

1. Introduction

Distributed denial-of-service attacks (DDoS) pose an immense threat to the Internet, and consequently many defense mechanisms have been proposed to combat them. Attackers constantly modify their tools to bypass these security systems, and researchers in turn modify their approaches to handle new attacks. The DDoS field is evolving quickly, and it is becoming increasingly hard to grasp a global view of the problem. This paper strives to introduce some structure to the DDoS field by developing a taxonomy of DDoS attacks and DDoS defense systems. The goal of the paper is to highlight the important features of both attack and security mechanisms and stimulate discussions that might lead to a better understanding of the DDoS problem.

The proposed taxonomies are complete in the following sense: the attack taxonomy covers known attacks and also those that have not currently appeared but are potential threats that would affect current defense mechanisms; the defense systems taxonomy covers not only published approaches but also some commercial approaches that are sufficiently documented to be analyzed. Along with classification, we emphasize important features of each attack or defense system category, and provide representative examples of existing mechanisms. This paper does not propose or advocate any specific DDoS defense mechanism. Even though some sections might point out vulnerabilities of certain classes of defense systems, our purpose is not to criticize but to draw attention to these problems so that they might be solved.

Following this introduction, the paper is organized as follows. Section 2 investigates the problem of DDoS attacks, and Section 3 proposes their taxonomy; Section 4 proposes a taxonomy of DDoS defense systems. Section 5 provides an overview of related work and Section 6 concludes the paper.

2. DDoS Attack Overview

A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service [1]. A distributed denial-of-service attack deploys multiple machines to attain this goal. The service is denied by sending a stream of packets to a victim that either consumes some key resource, thus rendering it unavailable to legitimate clients, or provides the attacker with unlimited access to the victim machine so he can inflict arbitrary damage. This section will answer the following questions:

1. What makes DDoS attacks possible?
2. How do these attacks occur?
3. Why do they occur?

2.1. Internet Architecture

The Internet was designed with functionality, not security, in mind, and it was indeed very successful in reaching this goal. It offers its participants fast, easy and cheap communication mechanisms, enforced with various higher-level protocols that ensure reliable or timely delivery of messages or a certain level of quality of service. Internet design follows the end-to-end paradigm: communicating end hosts deploy complex functionalities to achieve desired service guarantees, while the intermediate network provides the bare-minimum, best-effort service. The Internet is managed in a