Abstract

Internet-wide threat. We propose DW ARD, a DDoS defense system deployed at source-end networks that au-tonomously detects and stops attacks originating from these networks. Attacks are detected by the constant monitoring of two-way traffic flows between the network and the rest of the Internet and periodic comparison with normal flow models. Mismatching flows are rate-limited in proportion to their aggressiveness. D-WARD offers good service to legitimate traffic even during an attack, while effectively re-ducing DDoS traffic to a negligible level. A prototype of the system has been built in a Linux router. We show its effectiveness in various attack scenarios, discuss motivations for deployment, and describe associated costs.

Date

2002

Authors

J Mirkovic G Prier, Peter Reiher

Journal

Proc. of the 10th IEEE International Conference on Network Protocols

Pages

312-321