Denial of service attacks, viruses and worms are common tools for
malicious adversarial behavior in networks. Experience shows that
over the last few years several of these techniques have probably
been used by governments to impair the Internet communications of
various entities, and we can expect that these and other
information warfare tools will be used increasingly as part of
hostile behavior either independently, or in conjunction with
other forms of attack in conventional or asymmetric warfare, as
well as in other forms of malicious behavior. In this paper we
concentrate on Distributed Denial of Service Attacks (DDoS) where
one or more attackers generate flooding traffic and direct it from
multiple sources towards a set of selected nodes or IP addresses
in the Internet. We first briefly survey the literature on the
subject, and discuss some examples of DDoS incidents. We then
present a technique that can be used for DDoS protection based on
creating islands of protection around a critical information
infrastructure. This technique, that we call the CPN-DoS-DT
(Cognitive Packet Networks DoS Defence Technique), creates a
self-monitoring sub-network surrounding each critical
infrastructure node. CPN-DoS-DT is triggered by a DDoS detection
scheme, and generates control traffic from the objects of the DDoS
attack to the islands of protection where DDOS packet flows are
destroyed before they reach the critical infrastructure. We use
mathematical modelling, simulation and experiments on our test-bed
to show the positive and negative outcomes that may result from
both the attack, and the CPN-DoS-DT protection mechanism, due to
imperfect detection and false alarms.
Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks.
You are receiving this notice because your organization may not have SPIE eBooks access.*
*Shibboleth/Open Athens users─please
sign in
to access your institution's subscriptions.
To obtain this item, you may purchase the complete book in print or electronic format on
SPIE.org.
INSTITUTIONAL Select your institution to access the SPIE Digital Library.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.