Abstract

Distributed denial-of-service (DDoS) attacks present an immense threat to the Internet. They engage the power of a vast number of coordinated Internet hosts to consume some critical resource at the target and deny the service to legitimate clients. As a side effect, they frequently create network congestion on the way from a source to the target, thus disrupting normal Internet operation. The existing security mechanisms do not provide effective defense against these attacks. The large number of attacking machines and the use of source IP address spoofing make the traceback impossible. The use of legitimate packets for the attack and the varying of packet fields disable characterization and filtering of the attack streams. The distributed nature of the attacks calls for a distributed response, but cooperation between administrative domains is hard to achieve, and security and authentication of participants incur high cost.

Metadata

publication

Ph. D. thesis, Computer Science Department, University of California, Los …, 2003

year

2003

publication date

2003/6

authors

Jelena Mirković

link

https://lasr.cs.ucla.edu/ddos/prospectus.pdf

resource_link

https://lasr.cs.ucla.edu/ddos/prospectus.pdf

institution

Ph. D. thesis, Computer Science Department, University of California, Los Angeles