Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Network Security of Internet Services: Eliminate DDoS Reflection Amplification Attacks
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.ORCID iD: 0000-0003-0593-1253
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science. Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Distance- Spanning Technology.ORCID iD: 0000-0003-0244-3561
2015 (English)In: Journal of Internet Services and Information Security (JISIS), ISSN 2182-2069, E-ISSN 2182-2077, Vol. 5, no 3, 58-79 p., 5Article in journal (Refereed) Published
Abstract [en]

Our research problem is that there are a large number of successful network reflection DDoS attacks. Via a UDP Reflection Attack, an attacker can send just 1 Gb/s of payload to innocent servers, and it is these servers which then can send over 4,600 times the payload to the victim! There are very expensive and complex solutions in use today, however most all of these on premise solutions can be easily circumvented. The academic community has not adequately addressed this research problem. We have created a new Internet services network security surface attack mitigation methodology. Our novel design patterns will help organizations improve the price/performance of their anti-network reflection solution by 100 times, as compared to common on premise solutions. Our analysis and results confirm that our solution is viable. Our novel solution is based on stateless IP packet header filtering firewalls (which can be implemented mostly in hardware due to their simplicity). We have reduced and in some cases eliminated the need for researchers to even try and find new ways to filter the same traffic via more complex, software driven stateful solutions.

Place, publisher, year, edition, pages
2015. Vol. 5, no 3, 58-79 p., 5
Keyword [en]
Information technology - Computer science
Keyword [sv]
Informationsteknik - Datorvetenskap
National Category
Information Systems, Social aspects Media and Communication Technology
Research subject
Information systems; Mobile and Pervasive Computing; Enabling ICT (AERI)
Identifiers
URN: urn:nbn:se:ltu:diva-9624Local ID: 84959c3c-838f-4ff8-84d3-222e9c8f0e07OAI: oai:DiVA.org:ltu-9624DiVA: diva2:982562
Note

Validerad; 2015; Nivå 1; 20150827 (todboo)

Available from: 2016-09-29 Created: 2016-09-29 Last updated: 2017-12-15Bibliographically approved

Open Access in DiVA

fulltext(287 kB)178 downloads
File information
File name FULLTEXT01.pdfFile size 287 kBChecksum SHA-512
f5776362c9e781aa5249db6c611748be1a656dac133634d44d70fed4235f6a22022e390448e81a20f477e634df98e42997eefead95b0dca4be6d607a211b64fd
Type fulltextMimetype application/pdf

Other links

http://www.jisis.org/vol5no3.php

Search in DiVA

By author/editor
Booth, ToddAndersson, Karl
By organisation
Computer ScienceDistance- Spanning Technology
In the same journal
Journal of Internet Services and Information Security (JISIS)
Information Systems, Social aspectsMedia and Communication Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 178 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 569 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf