Blocking DDoS attacks at the network level
Autor(a) principal: | |
---|---|
Data de Publicação: | 2018 |
Tipo de documento: | Dissertação |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10362/55170 |
Resumo: | Denial of service (DDoS) is a persistent and continuously growing problem. These attacks are based on methods that flood the victim with messages that it did not request, effectively exhausting its computational or bandwidth resources. The variety of attack approaches is overwhelming and the current defense mechanisms are not completely effective. In today’s internet, a multitude of DDoS attacks occur everyday, some even degrading the availability of critical or governmental services. In this dissertation, we propose a new network level DDoS mitigation protocol that iterates on previous attempts and uses proven mechanisms such as cryptographic challenges and packet-tagging. Our analysis of the previous attempts to solve this problem led to a ground-up design of the protocol with adaptability in mind, trying to minimize deployment and adoption barriers. With this work we concluded that with software changes only on the communication endpoints, it is possible to mitigate the most used DDoS attacks with results up to 25 times more favourable than standard resource rate limiting (RRL) methods. |
id |
RCAP_8c5e0b321c472f5cf59db7d7aacb4c64 |
---|---|
oai_identifier_str |
oai:run.unl.pt:10362/55170 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Blocking DDoS attacks at the network levelDenial of ServiceSpoofingDDoS defense mechanismsCryptographic challengesDomínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaDenial of service (DDoS) is a persistent and continuously growing problem. These attacks are based on methods that flood the victim with messages that it did not request, effectively exhausting its computational or bandwidth resources. The variety of attack approaches is overwhelming and the current defense mechanisms are not completely effective. In today’s internet, a multitude of DDoS attacks occur everyday, some even degrading the availability of critical or governmental services. In this dissertation, we propose a new network level DDoS mitigation protocol that iterates on previous attempts and uses proven mechanisms such as cryptographic challenges and packet-tagging. Our analysis of the previous attempts to solve this problem led to a ground-up design of the protocol with adaptability in mind, trying to minimize deployment and adoption barriers. With this work we concluded that with software changes only on the communication endpoints, it is possible to mitigate the most used DDoS attacks with results up to 25 times more favourable than standard resource rate limiting (RRL) methods.Martins, JoséRUNRodrigues, Diogo Carvalho2018-12-20T15:08:08Z2018-0720182018-07-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10362/55170enginfo:eu-repo/semantics/openAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-03-11T04:26:57Zoai:run.unl.pt:10362/55170Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T03:32:50.439574Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Blocking DDoS attacks at the network level |
title |
Blocking DDoS attacks at the network level |
spellingShingle |
Blocking DDoS attacks at the network level Rodrigues, Diogo Carvalho Denial of Service Spoofing DDoS defense mechanisms Cryptographic challenges Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
title_short |
Blocking DDoS attacks at the network level |
title_full |
Blocking DDoS attacks at the network level |
title_fullStr |
Blocking DDoS attacks at the network level |
title_full_unstemmed |
Blocking DDoS attacks at the network level |
title_sort |
Blocking DDoS attacks at the network level |
author |
Rodrigues, Diogo Carvalho |
author_facet |
Rodrigues, Diogo Carvalho |
author_role |
author |
dc.contributor.none.fl_str_mv |
Martins, José RUN |
dc.contributor.author.fl_str_mv |
Rodrigues, Diogo Carvalho |
dc.subject.por.fl_str_mv |
Denial of Service Spoofing DDoS defense mechanisms Cryptographic challenges Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
topic |
Denial of Service Spoofing DDoS defense mechanisms Cryptographic challenges Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática |
description |
Denial of service (DDoS) is a persistent and continuously growing problem. These attacks are based on methods that flood the victim with messages that it did not request, effectively exhausting its computational or bandwidth resources. The variety of attack approaches is overwhelming and the current defense mechanisms are not completely effective. In today’s internet, a multitude of DDoS attacks occur everyday, some even degrading the availability of critical or governmental services. In this dissertation, we propose a new network level DDoS mitigation protocol that iterates on previous attempts and uses proven mechanisms such as cryptographic challenges and packet-tagging. Our analysis of the previous attempts to solve this problem led to a ground-up design of the protocol with adaptability in mind, trying to minimize deployment and adoption barriers. With this work we concluded that with software changes only on the communication endpoints, it is possible to mitigate the most used DDoS attacks with results up to 25 times more favourable than standard resource rate limiting (RRL) methods. |
publishDate |
2018 |
dc.date.none.fl_str_mv |
2018-12-20T15:08:08Z 2018-07 2018 2018-07-01T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10362/55170 |
url |
http://hdl.handle.net/10362/55170 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799137950195253248 |