An empirical study of denial of service mitigation techniques

Gal Badishi, Amir Herzberg, Idit Keidar, Oleg Romanov, Avital Yachin

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

7 Scopus citations

Abstract

We present an empirical study of the resistance of several protocols to denial of service (DoS) attacks on client-server communication. We show that protocols that use authentication alone, e.g., IPSec, provide protection to some extent, but are still susceptible to DoS attacks, even when the network is not congested. In contrast, a protocol that uses a changing filtering identifier (FI) is usually immune to DoS attacks, as long as the network itself is not congested. This approach is called FI hopping. We build and experiment with two prototype implementations of FI hopping. One implementation is a modification of IPSec in a Linux kernel, and a second implementation comes as an NDIS hook driver on a Windows machine. We present results of experiments in which client-server communication is subject to a DoS attack. Our measurements illustrate that FI hopping withstands severe DoS attacks without hampering the client-server communication. Moreover, our implementations show that FI hopping is simple, practical, and easy to deploy.

Original language: English
Title of host publication: Proceedings of the 27th IEEE International Symposium on Reliable Distributed Systems, SRDS 2008
Publisher: IEEE Computer Society
Pages: 115-124
Number of pages: 10
ISBN (Print): 9780769534107
State: Published - 2008
Event: 27th IEEE International Symposium on Reliable Distributed Systems, SRDS 2008 - Napoli, Italy
Duration: 6 Oct 2008 to 8 Oct 2008

Publication series

Name: Proceedings of the IEEE Symposium on Reliable Distributed Systems
ISSN (Print): 1060-9857

Conference

Conference: 27th IEEE International Symposium on Reliable Distributed Systems, SRDS 2008
Country/Territory: Italy
City: Napoli
Period: 6/10/08 to 8/10/08
