完整後設資料紀錄
DC 欄位語言
dc.contributor.authorLee, FYen_US
dc.contributor.authorShieh, Sen_US
dc.date.accessioned2014-12-08T15:18:20Z-
dc.date.available2014-12-08T15:18:20Z-
dc.date.issued2005-10-01en_US
dc.identifier.issn0167-4048en_US
dc.identifier.urihttp://dx.doi.org/10.1016/j.cose.2005.03.005en_US
dc.identifier.urihttp://hdl.handle.net/11536/13219-
dc.description.abstractIn this paper, we propose anew scheme, called ANTI D, for detecting and filtering DDoS attacks which use spoofed packets to circumvent the conventional intrusion detection schemes. The proposed anti-DDoS scheme intends to complement, rather than replace conventional schemes. By embedding in each IP packet a unique path fingerprint that represents the route an IP packet has traversed, ANTID is able to distinguish IP packets that traverse different Internet paths. In ANTID, a server maintains for each of its communicating clients the mapping from the client's IP address to the corresponding path fingerprint. The construction and renewal of these mappings is performed in an on-demand fashion that helps to reduce the cost of maintenance. With presence of the mapping table, the onset of a spoofed DDoS attack can be detected by observing a surge of spoofed packets. Consequently, spoofed attack packets are filtered so as to sustain the quality of protected Internet services. ANTID is lightweight, robust, and incrementally deployable. Our experiment results showed that the proposed scheme can detect 99.95% spoofed IP packets and can discard them with little collateral damage to legitimate clients. It also showed that the higher the aggregated attack rate is, the sooner the attack can be detected. (C) 2005 Elsevier Ltd. All rights reserved.en_US
dc.language.isoen_USen_US
dc.subjectnetwork securityen_US
dc.subjectintrusion detectionen_US
dc.subjectDDoSen_US
dc.subjectIP spoofingen_US
dc.titleDefending against spoofed DDoS attacks with path fingerprinten_US
dc.typeArticleen_US
dc.identifier.doi10.1016/j.cose.2005.03.005en_US
dc.identifier.journalCOMPUTERS & SECURITYen_US
dc.citation.volume24en_US
dc.citation.issue7en_US
dc.citation.spage571en_US
dc.citation.epage586en_US
dc.contributor.department資訊工程學系zh_TW
dc.contributor.departmentDepartment of Computer Scienceen_US
dc.identifier.wosnumberWOS:000233232400019-
dc.citation.woscount10-
顯示於類別:期刊論文


文件中的檔案:

  1. 000233232400019.pdf

若為 zip 檔案,請下載檔案解壓縮後,用瀏覽器開啟資料夾中的 index.html 瀏覽全文。