Defending against Distributed Denial of Service Attacks: Issues and Challenges

ABSTRACT

Distributed Denial of Service (DDoS) attacks on user machines, organizations, and infrastructures of the Internet have become highly publicized incidents and call for immediate solution. It is a complex and difficult problem characterized by an explicit attempt of the attackers to prevent access to resources by legitimate users for which they have authorization. Several schemes have been proposed on how to defend against these attacks, yet the problem still lacks a complete solution. The main purpose of this paper is therefore twofold. First is to present a comprehensive study of a wide range of DDoS attacks and defense methods proposed to combat them. This provides better understanding of the problem, current solution space, and future research scope to defend against DDoS attacks. Second is to propose an integrated solution for completely defending against flooding DDoS attacks at the Internet Service Provider (ISP) level.     

互联网密钥交换协议对DoS攻击的防范

首先从互联网密钥交换协议的工作原理着手,分析出存在着CPU和内存耗尽型DoS攻击的缺陷.并给出了Cookie机制和认证发起者两种方案来防范,接着对于互联网密钥交换协议第二版存在基于分片的DoS攻击的缺陷,采用增加IP地址分片重组列表的方案来进行抵御,这些进一步增强了互联网密钥交换协议的安全性.     

Guest Editor's Introduction: History of Informatics

The 2007 Methodic and Didactic Challenges of the History of Informatics (MEDICHI) workshop, at Austria's Klagenfurt University, focused on methodic and didactic questions of the history of computing. This issue presents highlights from that workshop.     

Guest Editor's Introduction: Getting More Out of Test

The 2006 IEEE International Test Conference (ITC) focused on the theme "Getting More Out of Test." This means ensuring product quality and reliability as cost efficiently as possible. In today's market environment, it also means taking test beyond its traditional role of separating good products from bad. The three articles in this special section, all written by well-received ITC 2006 authors, address ways to get more out of test. The first two articles provide specific examples of techniques for addressing the newly important diagnosis and debugging functions of test. The third article addresses test decision making more generally, and specifically suggests that exploring the psychology that underlies the decisions made by designers, DFT engineers, and test engineers could eventually help to get more out of test.     

Guest Editor's Introduction: The State of Web Security

Today's Internet is a rapidly evolving place. What were once the hot technologies (gopher, FTP, telnet) are quickly being replaced by others (RSS, AJAX, SOAP). Such is the same with security; whereas in the '90s most attacks targeted networks, today most target the applications that run on top of them.     

Guest Editor's Introduction: Examples of Management Decision Criteria

Consumer application chips are the technology drivers today. Their design and test require different types of optimizations to address, on the one hand, the technology challenges, and on the other, very high volume production. This will necessitate adopting emerging solutions to meet such requirements. Optimizing for high-volume production, low power, and shrinking sizes necessitates adequate trade-off analysis, along with technical and business decision making by management. Also, moving to new semiconductor technology nodes, such as 45 nm and 32 nm, can significantly affect the choices of suppliers. This special issue discusses these requirements and demonstrates corresponding management decision criteria to make the right choices from a pool of alternate options for flows, methodologies, tools, and IP blocks.     

Guest Editor's Introduction: Multimedia Authoring and Presentation Strategies,Tools, and Experiences

Multimedia Tools and Applications -     

Guest Editor's Introduction: Infrastructure Security--Reliability and Dependability of Critical Systems

This special issue of IEEE Security & Privacy focuses on the security, agility, and robustness of large-scale critical infrastructure. Specifically, it examines the challenges associated with infrastructure protection for enhanced system security, reliability, efficiency, and quality.     

Guest Editor's Introduction: Firmware the Lessons of Software Engineering

The term "software engineering" was first introduced nearly 10 years ago, at a NATO-sponsored conference held in October, 1968, in Garmish, Germany.1 Since that time, a variety of tools to assist in the specification, production, and management of reliable software have been proposed. 2 Although we are yet far from the visionary's goal of automatic generation of maintainable code, we are making progress.     

Guest Editor's Introduction: Perspectives on the History of Computer Games

[I]t is probable, but not proven, that play at video games accustoms the player to the kind of activity that computers also require. One must sit down in front of a computer-like object and manage it in much the same way by levers and controls that a computer is managed. As in the case of the computer, there is immediate feedback for right and wrong choices. The management system of both game and computer are thus similar. It would be surprising if skill at one did not transfer to skill at the other; or if the attitude of being at ease with one did not transfer to being at ease with the other. (pp. 73–74)1—Brian Sutton-Smith     

Guest Editor's Introduction: ITC Helps Get More Out of Test

This special section, along with the International Test Conference 2006, highlights the value that test adds to the electronics manufacturing business. It leads us to think about test in a whole new way.