File(s) not publicly available

Defending against Distributed Denial of Service

posted on 2017-12-06, 00:00 authored by Yang Xiang, W Zhou
Distributed Denial of Service (DDoS) attack is currently a serious problem in the Internet. It is characterized by an explicit attempt by an attacker to prevent legitimate users of a service from using the desired resource. The counter measures have been researched for some years, which can be classified into two categories, one is passive, and the other is active. We conclude that most current defense measures are passive, that is, the defense actions are taken only after the DDoS attacks are launched. Therefore, more or less, the target host or network is harmed before the attack source(s) can be found and controlled. Current passive defense techniques and their limitations are analyzed. We discuss some passive mechanisms such as traffic monitoring, filtering, and congestion control. After that, we propose a novel concept of active defense against DDoS attacks. This is a new point of view to treat the problem of defeating the infamous DDoS attacks on the Internet. It has numerous of advantages over conventional passive defense mechanisms. As an example of active defense, we introduce the Distributed Active Defense System (DADS) project at Deakin University. Challenges and future work of active defense against DDoS is discussed in the later part.


Category 1 - Australian Competitive Grants (this includes ARC, NHMRC)



Quigley M

Parent Title

Encyclopedia of information ethics and security

Start Page


End Page


Number of Pages






Place of Publication

Hershley, New York

Open Access

  • No

External Author Affiliations

Deakin University; Faculty of Business and Informatics;

Era Eligible

  • No

Number of Chapters