Browse > Article
http://dx.doi.org/10.13089/JKIISC.2012.22.3.679

The Design of Anti-DDoS System using Defense on Depth  

Seo, Jin-Won (eBay Inc.)
Kwak, Jin (Department of Information Security Engineering, Soonchunhyang University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.22, no.3, 2012 , pp. 679-689 More about this Journal
Abstract
There were clear differences between the DDoS attack on 7th July 2009 and the rest of them prior to the attack. Despite It had emitted relatively small sized packets per infected PC, the attack was very successful making use of HTTP Flooding attack by aggregating small sized packets from the well sized zombie network. As the objective of the attack is not causing permanent damage to the target system but temporal service disruption, one should ensure the availability of the target server by deploying effective defense strategy. In this paper, a novel HTTP based DDoS defense mechanism is introduced with capacity based defense-in-depth strategy.
Keywords
DDoS; Defense-in-Depth; L3/L7 Layer defense;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Jelena Mirkovic and Peter Reiher, "A Taxonomy of DDoS Attack and DDoS Defense Mechanisms," ACM SIGCOMM Computer Communication Review, pp. 39-32, Apr. 2004.
2 구자현, "서비스 거부 공격(Denial of Service)의 유형 및 대응," 주간기술동향, 1377호, pp. 6, 2008.
3 김정윤, 최형기, "분산 서비스 거부 공격과 그 특징에 관한 연구," 제27회 한국정보처리학회 춘계학술 발표대회, 14권, 1호, pp.1060-1062, 2007.
4 인터넷침해사고대응지원센터, "분산서비스 거부 공격 차단 및 분석기술," KRCERT-TR-2004, 한국정보보호진흥원, pp. 17, 2004.
5 George Oikonomou, Jelena Mirkovic, Peter Reiher, and Max Robinson, "A Framework for A Collaborative DDoS Defense," Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 33-42, Dec. 2006.
6 Eric Y. Chen, "AEGIS: An Active-Network-Powered Defense Mechanism against DDoS Attacks," IWAN2001, 92001.
7 Wei Zhang, Shize Guo, Kangfeng Zheng, and Yixian Yang, "A Defending Mechanism against DDoS Based on Registration and Authentication," The 9th International Conference for Young Computer Scientists, pp. 2192-2197, Nov. 2008,
8 Cheol-Joo Chae, Seoung-Hyeon Lee, Jae-Seung Lee, and Jae-Kwang Lee, "A Study of Defense DDoS Attacks using IP Traceback," 2007 International Conference on Intelligent Pervasive Computing, pp. 402-408, Oct. 2007.
9 "전문공격단체를 이용한 청부형 DDoS 공격과 대응," 인터넷침해사고 동향 및 분석월보 한국인터넷 진흥원, pp. 30-38, 2011년 3월.
10 "DDoS 대응장비 보안기능 요구사항", IT보안 인증사무국, pp. 3 2010. 1.
11 오진태, 박동규, 장종수, 류재철, "사용자 의도 기반 응용계층 DDoS공격 탐지 알고리즘," 정보보호학회논문지, 21(1), pp. 39-52, 2011.
12 이재광, "DDoS 사이버대피소 & 대용량 패킷분석," 코드케이드2011 트레이닝코스 발표, pp. 22-68. 2011.
13 CAPTCHA, http://ko.wikipedia.org/wiki/CAPTCHA, 2012. 4.