Blocking DDoS attacks at the network level
Distributed denial of service (DDoS) is a persistent and continuously growing problem. These
attacks are based on methods that flood the victim with messages that it did not request,
effectively exhausting its computational or bandwidth resources. The variety of attack
approaches is overwhelming and the current defense mechanisms are not completely
effective. In today’s internet, a multitude of DDoS attacks occur every day, some even
degrading the availability of critical or governmental services.
In this dissertation, we propose a new network level DDoS mitigation protocol that
iterates on previous attempts and uses proven mechanisms such as cryptographic challenges
and packet-tagging.
Our analysis of the previous attempts to solve this problem led to a ground-up design
of the protocol with adaptability in mind, trying to minimize deployment and adoption
barriers.
With this work we concluded that, with software changes only on the communication
endpoints, it is possible to mitigate the most used DDoS attacks with results up to 25
times more favourable than standard resource rate limiting (RRL) methods.