Discriminating Defense Against DDoS Attacks; a Novel Approach
share
A recent paper (circa 2020) by Osterwile et al., entitled "21 Years of Distributed Denial of Service: A Call to Action", states: "We are falling behind in the war against distributed denial-of-service attacks. Unless we act now, the future of the Internet could be at stake." And an earlier (circa 2007) paper by Peng et al. states: "a key challenge for the defense [against DDoS attacks] is how to discriminate legitimate requests for service from malicious access attempts." This challenge has not been met yet, which is, arguably, a major reason for the dire situation described by Osterwile et al. – thirteen years later. This paper attempts to meet an approximation to this challenge, by enabling a a site to define the kind of messages that it considers important, and by introducing an unambiguous criterion of discrimination between messages that a given site considers important, and all other messages sent to it. Two anti-DDoS mechanisms based on this criterion are introduced in this paper. One of these relies on lightweight support by routers; and the other one does not.
READ FULL TEXT
