In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection

Citations: 6
Readers: 16 (Mendeley users who have this article in their library)

Abstract

A recent trend to mitigate large-scale distributed denial-of-service (DDoS) attacks is in-network filtering, where victims can deploy traffic-filtering rules in networks other than their own. However, given multiple constraints, such as the number of rules a victim can afford to deploy, the set of rules that DDoS defense entities allow a victim to deploy, and the amount of collateral damage to limit, the selection of rules has a large impact on the efficacy of an in-network filtering solution. In this paper, we introduce a new, offer-based operational model for in-network DDoS defense and formulate the NP-hard rule selection problem for this model. We then design an algorithm that overcomes the fundamental limitations of the classical ACO framework and transform it with several key changes to make it applicable to the domain of in-network DDoS defense. Finally, we use a real-world-based Internet routing topology and two real-world DDoS traces, along with one synthetic trace that follows the attack distribution of the recent Mirai DDoS attack, to evaluate the efficacy and runtime of our algorithm against four other rule selection algorithms, and show our algorithm is near-optimal.


Citation (APA)

Sisodia, D., Li, J., & Jiao, L. (2020). In-Network Filtering of Distributed Denial-of-Service Traffic with Near-Optimal Rule Selection. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 (pp. 153–164). Association for Computing Machinery, Inc. https://doi.org/10.1145/3320269.3384755

Readers' Seniority

PhD / Post grad / Masters / Doc: 5 (63%)
Researcher: 2 (25%)
Lecturer / Post doc: 1 (13%)

Readers' Discipline

Computer Science: 6 (67%)
Medicine and Dentistry: 1 (11%)
Physics and Astronomy: 1 (11%)
Economics, Econometrics and Finance: 1 (11%)
