Abstract
In this paper, we propose a new approach called MAFIC (MAlicious Flow Identification and Cutoff) to support adaptive packet dropping to fend off DDoS attacks. MAFIC works by judiciously issuing lightweight probes to flow sources to check if they are legitimate. Through such probing, MAFIC would drop malicious attack packets with high accuracy while minimizes the loss on legitimate traffic flows. Our NS-2 based simulation indicates that MAFIC algorithm drops packets from unresponsive potental attack flows with an accuracy as high as 99% and reduces the loss of legitimate flows to less than 3%. Furthermore, the false positive and negative rates are low-only around 1% for a majority of the cases.
Original language | English |
---|---|
DOIs | |
Publication status | Published - 2005 |
Externally published | Yes |
Event | 25th IEEE International Conference on Distributed Computing Systems Workshops, ICDCS 2005 - Columbus, OH, United States Duration: 6 Jun 2005 → 10 Jun 2005 |
Conference
Conference | 25th IEEE International Conference on Distributed Computing Systems Workshops, ICDCS 2005 |
---|---|
Country/Territory | United States |
City | Columbus, OH |
Period | 6/06/05 → 10/06/05 |
Keywords
- DDoS defense
- Duplicated ACKs
- Malicious flows
- Packet dropping policy
- Probing