posted on 2017-12-06, 00:00authored byYang Xiang, W Zhou
Distributed Denial of Service (DDoS) attack is currently a serious problem in the Internet. It is characterized by an explicit attempt by an attacker to prevent legitimate users of a service from using the desired resource. The counter measures have been researched for some years, which can be classified into two categories, one is passive, and the other is active. We conclude that most current defense measures are passive, that is, the defense actions are taken only after the DDoS attacks are launched. Therefore, more or less, the target host or network is harmed before the attack source(s) can be found and controlled. Current passive defense techniques and their limitations are analyzed. We discuss some passive mechanisms such as traffic monitoring, filtering, and congestion control. After that, we propose a novel concept of active defense against DDoS attacks. This is a new point of view to treat the problem of defeating the infamous DDoS attacks on the Internet. It has numerous of advantages over conventional passive defense mechanisms. As an example of active defense, we introduce the Distributed Active Defense System (DADS) project at Deakin University. Challenges and future work of active defense against DDoS is discussed in the later part.
Funding
Category 1 - Australian Competitive Grants (this includes ARC, NHMRC)
History
Editor
Quigley M
Parent Title
Encyclopedia of information ethics and security
Start Page
121
End Page
129
Number of Pages
9
ISBN-13
9781591409878
Publisher
IGI
Place of Publication
Hershley, New York
Open Access
No
External Author Affiliations
Deakin University; Faculty of Business and Informatics;