PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks

Distributed denial-of-service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE transactions on dependable and secure computing 2006-04, Vol.3 (2), p.141-155
Hauptverfasser:	Yoohwan Kim, Wing Cheong Lau, Mooi Choo Chuah, Chao, H.J.
Format:	Artikel
Sprache:	eng
Schlagworte:	Access control Automated Automation Chaos Computation Computer crime Computer engineering Computer science Computer security Cybercrime Denial of service attacks Dynamical systems Filtering Hardware High speed Information filtering Information filters Internet IP networks Legitimacy Network level security and protection network monitoring Network security On-line systems Packet switched networks Performance evaluation Protection security Security management simulation Studies Telecommunication traffic traffic analysis
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	155
container_issue	2
container_start_page	141
container_title	IEEE transactions on dependable and secure computing
container_volume	3
creator	Yoohwan Kim Wing Cheong Lau Mooi Choo Chuah Chao, H.J.
description	Distributed denial-of-service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score of a packet is computed, this scheme performs score-based selective packet discarding where the dropping threshold is dynamically adjusted based on the score distribution of recent incoming packets and the current level of system overload. This paper describes the design and evaluation of automated attack characterizations, selective packet discarding, and an overload control process. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation through scorebook generation and pipeline processing. A simulation study indicates that packetscore is very effective in blocking several different attack types under many different conditions
doi_str_mv	10.1109/TDSC.2006.25
format	Article
fullrecord	<record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_proquest_journals_206522779</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>1632008</ieee_id><sourcerecordid>1122420601</sourcerecordid><originalsourceid>FETCH-LOGICAL-c450t-8a3891aad732686a9c60b1026a285b4680f94deb3ebac15d8f426e14433e01793</originalsourceid><addsrcrecordid>eNp90U1LxDAQBuAiCurqzZuX4kE82HXy2dSbrJ-woKCeQ5pONdpt1yQr-O_N7gqCB08ZyDMzDG-WHRAYEwLV2dPl42RMAeSYio1sh1ScFABEbaZacFGIqiTb2W4IbwCUq4rvZPhg7DvGRzt4PM9NHqKJLkRnQ1GbgE0-X_3nresiete_5MG-4gxz82JcH2LeJO1dvYjJNtg70xVDWwT0n84mFWPqD3vZVmu6gPs_7yh7vr56mtwW0_ubu8nFtLBcQCyUYaoixjQlo1JJU1kJNQEqDVWi5lJBW_EGa4a1sUQ0quVUIuGcMQRSVmyUHa_nzv3wscAQ9cwFi11nehwWQVMFXAkCCZ78C4ksCVOMi-XMoz_0bVj4Pp2hKUhBablafLpG1g8heGz13LuZ8V-agF5mo5fZ6GU2morED9fcIeIvlSwBxb4Bm7CJ-g</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>206522779</pqid></control><display><type>article</type><title>PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks</title><source>IEEE Electronic Library (IEL)</source><creator>Yoohwan Kim ; Wing Cheong Lau ; Mooi Choo Chuah ; Chao, H.J.</creator><creatorcontrib>Yoohwan Kim ; Wing Cheong Lau ; Mooi Choo Chuah ; Chao, H.J.</creatorcontrib><description>Distributed denial-of-service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score of a packet is computed, this scheme performs score-based selective packet discarding where the dropping threshold is dynamically adjusted based on the score distribution of recent incoming packets and the current level of system overload. This paper describes the design and evaluation of automated attack characterizations, selective packet discarding, and an overload control process. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation through scorebook generation and pipeline processing. A simulation study indicates that packetscore is very effective in blocking several different attack types under many different conditions</description><identifier>ISSN: 1545-5971</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2006.25</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Access control ; Automated ; Automation ; Chaos ; Computation ; Computer crime ; Computer engineering ; Computer science ; Computer security ; Cybercrime ; Denial of service attacks ; Dynamical systems ; Filtering ; Hardware ; High speed ; Information filtering ; Information filters ; Internet ; IP networks ; Legitimacy ; Network level security and protection ; network monitoring ; Network security ; On-line systems ; Packet switched networks ; Performance evaluation ; Protection ; security ; Security management ; simulation ; Studies ; Telecommunication traffic ; traffic analysis</subject><ispartof>IEEE transactions on dependable and secure computing, 2006-04, Vol.3 (2), p.141-155</ispartof><rights>Copyright IEEE Computer Society Apr-Jun 2006</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c450t-8a3891aad732686a9c60b1026a285b4680f94deb3ebac15d8f426e14433e01793</citedby><cites>FETCH-LOGICAL-c450t-8a3891aad732686a9c60b1026a285b4680f94deb3ebac15d8f426e14433e01793</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/1632008$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/1632008$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Yoohwan Kim</creatorcontrib><creatorcontrib>Wing Cheong Lau</creatorcontrib><creatorcontrib>Mooi Choo Chuah</creatorcontrib><creatorcontrib>Chao, H.J.</creatorcontrib><title>PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description>Distributed denial-of-service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score of a packet is computed, this scheme performs score-based selective packet discarding where the dropping threshold is dynamically adjusted based on the score distribution of recent incoming packets and the current level of system overload. This paper describes the design and evaluation of automated attack characterizations, selective packet discarding, and an overload control process. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation through scorebook generation and pipeline processing. A simulation study indicates that packetscore is very effective in blocking several different attack types under many different conditions</description><subject>Access control</subject><subject>Automated</subject><subject>Automation</subject><subject>Chaos</subject><subject>Computation</subject><subject>Computer crime</subject><subject>Computer engineering</subject><subject>Computer science</subject><subject>Computer security</subject><subject>Cybercrime</subject><subject>Denial of service attacks</subject><subject>Dynamical systems</subject><subject>Filtering</subject><subject>Hardware</subject><subject>High speed</subject><subject>Information filtering</subject><subject>Information filters</subject><subject>Internet</subject><subject>IP networks</subject><subject>Legitimacy</subject><subject>Network level security and protection</subject><subject>network monitoring</subject><subject>Network security</subject><subject>On-line systems</subject><subject>Packet switched networks</subject><subject>Performance evaluation</subject><subject>Protection</subject><subject>security</subject><subject>Security management</subject><subject>simulation</subject><subject>Studies</subject><subject>Telecommunication traffic</subject><subject>traffic analysis</subject><issn>1545-5971</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2006</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><sourceid>BENPR</sourceid><recordid>eNp90U1LxDAQBuAiCurqzZuX4kE82HXy2dSbrJ-woKCeQ5pONdpt1yQr-O_N7gqCB08ZyDMzDG-WHRAYEwLV2dPl42RMAeSYio1sh1ScFABEbaZacFGIqiTb2W4IbwCUq4rvZPhg7DvGRzt4PM9NHqKJLkRnQ1GbgE0-X_3nresiete_5MG-4gxz82JcH2LeJO1dvYjJNtg70xVDWwT0n84mFWPqD3vZVmu6gPs_7yh7vr56mtwW0_ubu8nFtLBcQCyUYaoixjQlo1JJU1kJNQEqDVWi5lJBW_EGa4a1sUQ0quVUIuGcMQRSVmyUHa_nzv3wscAQ9cwFi11nehwWQVMFXAkCCZ78C4ksCVOMi-XMoz_0bVj4Pp2hKUhBablafLpG1g8heGz13LuZ8V-agF5mo5fZ6GU2morED9fcIeIvlSwBxb4Bm7CJ-g</recordid><startdate>20060401</startdate><enddate>20060401</enddate><creator>Yoohwan Kim</creator><creator>Wing Cheong Lau</creator><creator>Mooi Choo Chuah</creator><creator>Chao, H.J.</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>3V.</scope><scope>7WY</scope><scope>7WZ</scope><scope>7XB</scope><scope>87Z</scope><scope>8AL</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>8FL</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BEZIV</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>FRNLG</scope><scope>F~G</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K60</scope><scope>K6~</scope><scope>K7-</scope><scope>L.-</scope><scope>L6V</scope><scope>M0C</scope><scope>M0N</scope><scope>M7S</scope><scope>P5Z</scope><scope>P62</scope><scope>PQBIZ</scope><scope>PQBZA</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PTHSS</scope><scope>PYYUZ</scope><scope>Q9U</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>F28</scope><scope>FR3</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20060401</creationdate><title>PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks</title><author>Yoohwan Kim ; Wing Cheong Lau ; Mooi Choo Chuah ; Chao, H.J.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c450t-8a3891aad732686a9c60b1026a285b4680f94deb3ebac15d8f426e14433e01793</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2006</creationdate><topic>Access control</topic><topic>Automated</topic><topic>Automation</topic><topic>Chaos</topic><topic>Computation</topic><topic>Computer crime</topic><topic>Computer engineering</topic><topic>Computer science</topic><topic>Computer security</topic><topic>Cybercrime</topic><topic>Denial of service attacks</topic><topic>Dynamical systems</topic><topic>Filtering</topic><topic>Hardware</topic><topic>High speed</topic><topic>Information filtering</topic><topic>Information filters</topic><topic>Internet</topic><topic>IP networks</topic><topic>Legitimacy</topic><topic>Network level security and protection</topic><topic>network monitoring</topic><topic>Network security</topic><topic>On-line systems</topic><topic>Packet switched networks</topic><topic>Performance evaluation</topic><topic>Protection</topic><topic>security</topic><topic>Security management</topic><topic>simulation</topic><topic>Studies</topic><topic>Telecommunication traffic</topic><topic>traffic analysis</topic><toplevel>online_resources</toplevel><creatorcontrib>Yoohwan Kim</creatorcontrib><creatorcontrib>Wing Cheong Lau</creatorcontrib><creatorcontrib>Mooi Choo Chuah</creatorcontrib><creatorcontrib>Chao, H.J.</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>ProQuest Central (Corporate)</collection><collection>ABI/INFORM Collection</collection><collection>ABI/INFORM Global (PDF only)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>ABI/INFORM Global (Alumni Edition)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ABI/INFORM Collection (Alumni Edition)</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Business Premium Collection</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Business Premium Collection (Alumni)</collection><collection>ABI/INFORM Global (Corporate)</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Business Collection (Alumni Edition)</collection><collection>ProQuest Business Collection</collection><collection>Computer Science Database</collection><collection>ABI/INFORM Professional Advanced</collection><collection>ProQuest Engineering Collection</collection><collection>ABI/INFORM Global</collection><collection>Computing Database</collection><collection>Engineering Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>ProQuest One Business</collection><collection>ProQuest One Business (Alumni)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>Engineering Collection</collection><collection>ABI/INFORM Collection China</collection><collection>ProQuest Central Basic</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ANTE: Abstracts in New Technology & Engineering</collection><collection>Engineering Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Yoohwan Kim</au><au>Wing Cheong Lau</au><au>Mooi Choo Chuah</au><au>Chao, H.J.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2006-04-01</date><risdate>2006</risdate><volume>3</volume><issue>2</issue><spage>141</spage><epage>155</epage><pages>141-155</pages><issn>1545-5971</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract>Distributed denial-of-service (DDoS) attacks are a critical threat to the Internet. This paper introduces a DDoS defense scheme that supports automated online attack characterizations and accurate attack packet discarding based on statistical processing. The key idea is to prioritize a packet based on a score which estimates its legitimacy given the attribute values it carries. Once the score of a packet is computed, this scheme performs score-based selective packet discarding where the dropping threshold is dynamically adjusted based on the score distribution of recent incoming packets and the current level of system overload. This paper describes the design and evaluation of automated attack characterizations, selective packet discarding, and an overload control process. Special considerations are made to ensure that the scheme is amenable to high-speed hardware implementation through scorebook generation and pipeline processing. A simulation study indicates that packetscore is very effective in blocking several different attack types under many different conditions</abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2006.25</doi><tpages>15</tpages><oa>free_for_read</oa></addata></record>
fulltext	fulltext_linktorsrc
identifier	ISSN: 1545-5971
ispartof	IEEE transactions on dependable and secure computing, 2006-04, Vol.3 (2), p.141-155
issn	1545-5971 1941-0018
language	eng
recordid	cdi_proquest_journals_206522779
source	IEEE Electronic Library (IEL)
subjects	Access control Automated Automation Chaos Computation Computer crime Computer engineering Computer science Computer security Cybercrime Denial of service attacks Dynamical systems Filtering Hardware High speed Information filtering Information filters Internet IP networks Legitimacy Network level security and protection network monitoring Network security On-line systems Packet switched networks Performance evaluation Protection security Security management simulation Studies Telecommunication traffic traffic analysis
title	PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-09T17%3A01%3A52IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=PacketScore:%20a%20statistics-based%20packet%20filtering%20scheme%20against%20distributed%20denial-of-service%20attacks&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Yoohwan%20Kim&rft.date=2006-04-01&rft.volume=3&rft.issue=2&rft.spage=141&rft.epage=155&rft.pages=141-155&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2006.25&rft_dat=%3Cproquest_RIE%3E1122420601%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=206522779&rft_id=info:pmid/&rft_ieee_id=1632008&rfr_iscdi=true