A Network Mitigation System Against Distributed Denial of Service: A Linux-based Prototype

L. Qi, M. Zandi, and M. Vargas Martin (Canada)

Keywords

Denial of service, intrusion detection, traffic shaping.

Abstract

Distributed denial of service (DDoS) is a serious threat to service availability that poses important concerns. Web based organizations are under a great pressure to prevent, detect, react, and mitigate DDoS attacks which can lead to severe outages. The main contribution of this paper is a DDoS mitigation system based on Bloom filters, which has been prototyped in a Linux system and tested in our local laboratory. Our experiments show that our system is capable of attenuating the effects of a typical DDoS attack and is able to mitigate a large number of disrupting traffic.

Important Links:



Go Back