A taxonomy of ddos attacks and ddos defense mechanisms abstract 1

pages

English

Documents

Écrit par
Administrator

Publié par
jjggi

Lire un extrait

Obtenez un accès à la bibliothèque pour le consulter en ligne En savoir plus

Découvre YouScribe et accède à tout notre catalogue !

Je m'inscris

Découvre YouScribe et accède à tout notre catalogue !

Je m'inscris

pages

English

Documents

Lire un extrait

Obtenez un accès à la bibliothèque pour le consulter en ligne En savoir plus

Publié par

jjggi

Nombre de lectures

285

Langue

English

Publié par

jjggi

Langue

English

ATaxonomyofDDoSAttacksandDDoSDefenseMechanisms JelenaMirkovic,JaniceMartinandPeterReiher ComputerScienceDepartment UniversityofCalifornia,LosAngeles Technicalreport#020018

Abstract Thispaperproposesataxonomyofdistributeddenial-of-serviceattacksandataxonomyofthedefensemechanisms thatstrivetocountertheseattacks.Theattacktaxonomyis illustratedusingbothknownandpotentialattackmechanisms. Alongwiththisclassificationwediscussimportantfeaturesof eachattackcategorythatinturndefinethechallenges involvedincombatingthesethreats.Thedefensesystem taxonomyisillustratedusingonlythecurrentlyknown approaches.Thegoalofthepaperistoimposesomeorderinto themultitudeofexistingattackanddefensemechanismsthat wouldleadtoabetterunderstandingofchallengesinthe distributeddenial-of-servicefield.

1.Introduction Distributeddenial-of-serviceattacks(DDoS)pose animmensethreattotheInternet,and consequentlymanydefensemechanismshavebeen proposedtocombatthem.Attackersconstantly modifytheirtoolstobypassthesesecuritysystems, andresearchersinturnmodifytheirapproachesto handlenewattacks.TheDDoSfieldisevolving quickly,anditisbecomingincreasinglyhardto graspaglobalviewoftheproblem.Thispaper strivestointroducesomestructuretotheDDoS fieldbydevelopingataxonomyofDDoSattacks andDDoSdefensesystems.Thegoalofthepaper istohighlighttheimportantfeaturesofbothattack andsecuritymechanismsandstimulatediscussions thatmightleadtoabetterunderstandingofthe DDoSproblem. Theproposedtaxonomiesarecompleteinthe followingsense:theattacktaxonomycovers knownattacksandalsothosethathavenot currentlyappearedbutarepotentialthreatsthat wouldaffectcurrentdefensemechanisms;the defensesystemstaxonomycoversnotonly publishedapproachesbutalsosomecommercial approachesthataresufficientlydocumentedtobe analyzed.Alongwithclassification,weemphasize importantfeaturesofeachattackordefensesystem category,andproviderepresentativeexamplesof existingmechanisms.Thispaperdoesnotpropose

oradvocateanyspecificDDoSdefense mechanism.Eventhoughsomesectionsmight pointoutvulnerabilitiesofcertainclassesof defensesystems,ourpurposeisnottocriticizebut todrawattentiontotheseproblemssothatthey mightbesolved.

Followingthisintroduction,thepaperisorganized asfollows.Section2investigatestheproblemof DDoSattacks,andSection3proposestheir taxonomy;Section4proposesataxonomyof DDoSdefensesystems.Section5providesan overviewofrelatedworkandSection6concludes thepaper.

2.DDoSAttackOverview Adenial-of-serviceattackischaracterizedbyan explicitattemptbyattackerstopreventlegitimate usersofaservicefromusingthatservice[1].A distributeddenial-of-serviceattackdeploys multiplemachinestoattainthisgoal.Theserviceis deniedbysendingastreamofpacketstoavictim thateitherconsumessomekeyresource,thus renderingitunavailabletolegitimateclients,or providestheattackerwithunlimitedaccesstothe victimmachinesohecaninflictarbitrarydamage. Thissectionwillanswerthefollowingquestions: 1.le?ssibStaDoDsopatkcWhmatesak 2.?urccwdoHoaesehtoskcatt 3.r?ytdhoecyuoWch 2.1.InternetArchitecture TheInternetwasdesignedwithfunctionality,not security,inmind,anditwasindeedverysuccessful inreachingthisgoal.Itoffersitsparticipantsfast, easyandcheapcommunicationmechanisms, enforcedwithvarioushigher-levelprotocolsthat ensurereliableortimelydeliveryofmessagesora certainlevelofqualityofservice.Internetdesign followstheend-to-endparadigm:communicating endhostsdeploycomplexfunctionalitiesto achievedesiredserviceguarantees,whilethe intermediatenetworkprovidesthebare-minimum, best-effortservice.TheInternetismanagedina

Voir