2009 International Conference on Information Technology and Computer Science 2009
DOI: 10.1109/itcs.2009.248
View full text | Cite
|
Sign up to set email alerts
|

Abstract: To defend against distributed denial of service (DDoS) attacks, one critical issue is to effectively isolate the attack traffic from the normal ones. A novel DDoS defense scheme based on TCP_IP Header Analysis and Proactive Tests (THAPT) is hereby proposed. Unlike most of the previous DDoS defense schemes that are passive in nature, the proposal uses proactive tests to identify and isolate the malicious traffic. Simulation results validate the effectiveness of our proposed scheme. Disciplines Physical Science… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1

Citation Types

0
2
0

Year Published

2011
2011
2019
2019

Publication Types

Select...
1
1

Relationship

0
2

Authors

Journals

citations
Cited by 4 publications
(2 citation statements)
references
References 19 publications
(10 reference statements)
0
2
0
Order By: Relevance
“…Smurf attacks entail the sending of an ICMP echo traffic request alongside the source address of a spoofed target victim to a specific broadcast IP address. ICMP echo requests are often received by most of the hosts that are present on an IP network [41], which then responds to the source address being the target victim in this situation. It is possible for hundreds of machines within a broadcast network to respond to each ICMP packet.…”
Section: B Exploited Vulnerability Of Ddos Attackmentioning
confidence: 99%
“…Smurf attacks entail the sending of an ICMP echo traffic request alongside the source address of a spoofed target victim to a specific broadcast IP address. ICMP echo requests are often received by most of the hosts that are present on an IP network [41], which then responds to the source address being the target victim in this situation. It is possible for hundreds of machines within a broadcast network to respond to each ICMP packet.…”
Section: B Exploited Vulnerability Of Ddos Attackmentioning
confidence: 99%
“…The attacker modifies the fragment offset such that when the firewall assembles it the malicious content gets hidden. However the packet becomes malicious when the victim reassembles it the [13], [25].…”
Section: Overlapping Fragmentsmentioning
confidence: 99%