Active countermeasure platform against DDoS attacks

Dai Kashiwa, Eric Y. Chen, Hitoshi Fuji, Shuichi Machida, Hiroshi Shigeno, Ken Ichi Okada, Yutaka Matsushita

Research output: Contribution to journal › Article

4 Citations (Scopus)

Abstract

Distributed Denial of Service (DDoS) attacks are a pressing problem on the Internet, as demonstrated by recent attacks on major e-commerce servers and ISPs. Since the attack is highly distributed, an effective solution must be formulated with a distributed approach. Recently, some solutions have been proposed in which intermediate network nodes filter or shape congested traffic. These solutions may decrease the congested traffic, but they still cause the "collateral victim problem": legitimate packets may be discarded mistakenly. In this paper, we propose the Active Countermeasure Platform to minimize traffic congestion and to address the collateral victim problem using the Active Networks paradigm, which incorporates programmability into intermediate network nodes. Our platform can autonomously prevent overloading of the target and consumption of the network bandwidth of both the backbone and the protected site. In addition, it can improve the collateral victim problem based on user policy. This paper presents the concept of our platform, its system design, and an evaluation of its effectiveness using a prototype.

Original language: English
Pages (from-to): 1918-1928
Number of pages: 11
Journal: IEICE Transactions on Information and Systems
Volume: E85-D
Issue number: 12
Publication status: Published - 2002 Dec

Fingerprint

Electronic crime countermeasures
Active networks
Traffic congestion
Servers
Systems analysis
Internet
Bandwidth
Denial-of-service attack

Keywords

  • Active networks
  • DDoS attack
  • Network architecture
  • Policy-based shaping
  • Traffic shaping

ASJC Scopus subject areas

  • Computer Graphics and Computer-Aided Design
  • Information Systems
  • Software

Cite this

Kashiwa, D., Chen, E. Y., Fuji, H., Machida, S., Shigeno, H., Okada, K. I., & Matsushita, Y. (2002). Active countermeasure platform against DDoS attacks. IEICE Transactions on Information and Systems, E85-D(12), 1918-1928.

@article{3cb72802f0bd4221920d673d2aaee707,
title = "Active countermeasure platform against DDoS attacks",
keywords = "Active networks, DDoS attack, Network architecture, Policy-based shaping, Traffic shaping",
author = "Dai Kashiwa and Chen, {Eric Y.} and Hitoshi Fuji and Shuichi Machida and Hiroshi Shigeno and Okada, {Ken Ichi} and Yutaka Matsushita",
year = "2002",
month = "12",
language = "English",
volume = "E85-D",
pages = "1918--1928",
journal = "IEICE Transactions on Information and Systems",
issn = "0916-8532",
publisher = "Maruzen Co., Ltd/Maruzen Kabushikikaisha",
number = "12",

}

Scopus record: http://www.scopus.com/inward/record.url?scp=0037002097&partnerID=8YFLogxK

Scopus cited-by: http://www.scopus.com/inward/citedby.url?scp=0037002097&partnerID=8YFLogxK