Scalable Protection Against DDOS and Worm Attacks

Abstract

This report addresses two pressing challenges facing network security today: distributed denial of service (DDoS) and worm attacks. New solutions are aimed at providing scalable defenses against these potentially debilitating cyber threats. Two complementary modes of protection are achieved: 1) proactive protection that prevents attacks from imparting harm in the first place, and 2) reactive protection that locates the physical source of an attack and adapts to unforeseen vulnerabilities. The solutions are based on a new approach to network security (distributed packet filtering (DPF)) that casts a filter net" over the network system which stops the attack traffic. Scalability is afforded by the small size of the filter net: with only 15% deployment for DDoS and 4% for worm, DPF is able to achieve overwhelming protection. Efficacy under partial deployment, a key requirement of any viable solution, is made possible by the recently discovered power-law connectivity of the Internet. Performance evaluation of DPF using large-scale Internet topologies is carried out with DaSSF-Turbo, a scalable network simulation environment developed as part of the project. DaSSF- Turbo is a performance-oriented extension of DaSSF and facilitates Internet-scale benchmarking through automated network configuration, performance monitoring, and power-law partitioning.

Document Details

Document Type

Technical Report

Publication Date

Apr 01, 2004

Accession Number

ADA423164

Entities

Tags