Return to search

IP traceback marking scheme based DDoS defense.

Ping Yan. / Thesis submitted in: December 2004. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 93-100). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Chapter 1 --- INTRODUCTION --- p.1 / Chapter 1.1 --- The Problem --- p.1 / Chapter 1.2 --- Research Motivations and Objectives --- p.3 / Chapter 1.3 --- The Rationale --- p.8 / Chapter 1.4 --- Thesis Organization --- p.9 / Chapter 2 --- BACKGROUND STUDY --- p.10 / Chapter 2.1 --- Distributed Denial of Service Attacks --- p.10 / Chapter 2.1.1 --- Taxonomy of DoS and DDoS Attacks --- p.13 / Chapter 2.2 --- IP Traceback --- p.17 / Chapter 2.2.1 --- Assumptions --- p.18 / Chapter 2.2.2 --- Problem Model and Performance Metrics --- p.20 / Chapter 2.3 --- IP Traceback Proposals --- p.24 / Chapter 2.3.1 --- Probabilistic Packet Marking (PPM) --- p.24 / Chapter 2.3.2 --- ICMP Traceback Messaging --- p.26 / Chapter 2.3.3 --- Logging --- p.27 / Chapter 2.3.4 --- Tracing Hop-by-hop --- p.29 / Chapter 2.3.5 --- Controlled Flooding --- p.30 / Chapter 2.4 --- DDoS Attack Countermeasures --- p.30 / Chapter 2.4.1 --- Ingress/Egress Filtering --- p.33 / Chapter 2.4.2 --- Route-based Distributed Packet Filtering (DPF) --- p.34 / Chapter 2.4.3 --- IP Traceback Based Intelligent Packet Filtering --- p.35 / Chapter 2.4.4 --- Source-end DDoS Attack Recognition and Defense --- p.36 / Chapter 2.4.5 --- Classification of DDoS Defense Methods --- p.38 / Chapter 3 --- ADAPTIVE PACKET MARKING SCHEME --- p.41 / Chapter 3.1 --- Scheme Overview --- p.41 / Chapter 3.2 --- Adaptive Packet Marking Scheme --- p.44 / Chapter 3.2.1 --- Design Motivation --- p.44 / Chapter 3.2.2 --- Marking Algorithm Basics --- p.46 / Chapter 3.2.3 --- Domain id Marking --- p.49 / Chapter 3.2.4 --- Router id Marking --- p.51 / Chapter 3.2.5 --- Attack Graph Reconstruction --- p.53 / Chapter 3.2.6 --- IP Header Overloading --- p.56 / Chapter 3.3 --- Experiments on the Packet Marking Scheme --- p.59 / Chapter 3.3.1 --- Simulation Set-up --- p.59 / Chapter 3.3.2 --- Experimental Results and Analysis --- p.61 / Chapter 4 --- DDoS DEFENSE SCHEMES --- p.67 / Chapter 4.1 --- Scheme I: Packet Filtering at Victim-end --- p.68 / Chapter 4.1.1 --- Packet Marking Scheme Modification --- p.68 / Chapter 4.1.2 --- Packet Filtering Algorithm --- p.69 / Chapter 4.1.3 --- Determining the Filtering Probabilities --- p.70 / Chapter 4.1.4 --- Suppressing Packets Filtering with did Markings from Nearby Routers --- p.73 / Chapter 4.2 --- Scheme II: Rate Limiting at the Sources --- p.73 / Chapter 4.2.1 --- Algorithm of the Rate-limiting Scheme --- p.74 / Chapter 4.3 --- Performance Measurements for Scheme I & Scheme II . --- p.77 / Chapter 5 --- CONCLUSION --- p.87 / Chapter 5.1 --- Contributions --- p.87 / Chapter 5.2 --- Discussion and Future Work --- p.91 / Bibliography --- p.100

Identiferoai:union.ndltd.org:cuhk.edu.hk/oai:cuhk-dr:cuhk_325173
Date January 2005
ContributorsYan, Ping., Chinese University of Hong Kong Graduate School. Division of Computer Science and Engineering.
Source SetsThe Chinese University of Hong Kong
LanguageEnglish, Chinese
Detected LanguageEnglish
TypeText, bibliography
Formatprint, xi, 100 leaves : ill. ; 30 cm.
RightsUse of this resource is governed by the terms and conditions of the Creative Commons “Attribution-NonCommercial-NoDerivatives 4.0 International” License (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Page generated in 0.0022 seconds