A source-end defense system against DDoS attacks

Fu Yuan Lee, Shiuh-Pyng Shieh, Jui Ting Shieh, Sheng Hsuan Wang

Research output: Chapter in Book/Report/Conference proceedingChapter

1 Scopus citations


In this paper, a DDoS defense scheme is proposed to deploy in routers serving as the default gateways of sub-networks. Each router is configured with the set of IP addresses belonging to monitored sub-networks. By monitoring two-way connections between the policed set of IP addresses and the rest of the Intemet, our approach can effectively identify malicious network flows constituting DDoS attacks, and consequently restrict attack traffics with rate-limiting techniques. Current source-end DDoS defense scheme cannot accurately distinguish between network congestion caused by a DDoS attack and that caused by regular events. Under some circumstances, both false positive and false negative can be high, and this reduces the effectiveness of the defense mechanism. To improve the effectiveness, new DDoS detection algorithms are presented in this paper to complement, rather than replace existing source-end DDoS defense systems. The design of the proposed detection algorithm is based on three essential characteristics of DDoS attacks: distribution, congestion, and continuity. With the three characteristics, the proposed detection algorithm significantly improves detection accuracy, and at the same time reduces both false positive and false negative against DDoS attacks.

Original languageEnglish
Title of host publicationComputer Security in the 21st Century
PublisherSpringer US
Number of pages22
ISBN (Print)9780387240053
StatePublished - 1 Dec 2005


  • DoS/DDoS attacks
  • information warfare
  • source-end defense

Fingerprint Dive into the research topics of 'A source-end defense system against DDoS attacks'. Together they form a unique fingerprint.

  • Cite this

    Lee, F. Y., Shieh, S-P., Shieh, J. T., & Wang, S. H. (2005). A source-end defense system against DDoS attacks. In Computer Security in the 21st Century (pp. 147-168). Springer US. https://doi.org/10.1007/0-387-24006-3_10