A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks

Athens, Greece June 19-June 25

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ICNS.2007.5

International Conference on Networkin ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jie Yu Articles by Zhoujun Li Articles by Huowang Chen Articles by Xiaoming Chen

	ASCII Text	x
	Jie Yu, Zhoujun Li, Huowang Chen, Xiaoming Chen, "A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks," Networking and Services, International conference on, pp. 54, International Conference on Networking and Services (ICNS '07), 2007.

	BibTex	x
	@article{ 10.1109/ICNS.2007.5, author = {Jie Yu and Zhoujun Li and Huowang Chen and Xiaoming Chen}, title = {A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks}, journal ={Networking and Services, International conference on}, volume = {0}, year = {2007}, isbn = {0-7695-2858-9}, pages = {54}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICNS.2007.5}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Networking and Services, International conference on TI - A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks SN - 0-7695-2858-9 SP EP A1 - Jie Yu, A1 - Zhoujun Li, A1 - Huowang Chen, A1 - Xiaoming Chen, PY - 2007 KW - null VL - 0 JA - Networking and Services, International conference on ER -

Jie Yu, National University of Defense Technology Changsha, China

Zhoujun Li, Beihang Universit, China

Huowang Chen, National University of Defense Technology

Xiaoming Chen, Beihang University

Application layer DDoS attacks, which are legitimate in packets and protocols, gradually become a pressing problem for commerce, politics and military. We build an attack model and characterize layer-7 attacks into three classes: session flooding attacks, request flooding attacks and asymmetric attacks. We proposed a mechanism named as DOW (Defense and Offense Wall), which defends against layer-7 attacks using combination of detection technology and currency technology. An anomaly dete-ction method based on K-means clustering is introduced to detect and filter request flooding attacks and asymmetric attacks. To defend against session-flooding attacks, we propose an encoura-gement model that uses client?s session rate as currency. Dete-ction model drops suspicious sessions, while currency model encourages more legitimate sessions. By collaboration of these two models, normal clients could gain higher service rate and lower delay of response time.

Citation:

Jie Yu, Zhoujun Li, Huowang Chen, Xiaoming Chen, "A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks," icns, pp.54, International Conference on Networking and Services (ICNS '07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.