PacketScore: A Statistical Packet Filtering Scheme against Distributed Denial-of-Service Attacks
IEEE INFOCOM
2004
- 1Usage
Metric Options: CountsSelecting the 1-year or 3-year option will change the metrics count to percentiles, illustrating how an article or review compares to other articles or reviews within the selected time period in the same journal. Selecting the 1-year option compares the metrics against other articles/reviews that were also published in the same calendar year. Selecting the 3-year option compares the metrics against other articles/reviews that were also published in the same calendar year plus the two years prior.
Example: if you select the 1-year option for an article published in 2019 and a metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019. If you select the 3-year option for the same article published in 2019 and the metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019, 2018 and 2017.
Citation Benchmarking is provided by Scopus and SciVal and is different from the metrics context provided by PlumX Metrics.
Example: if you select the 1-year option for an article published in 2019 and a metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019. If you select the 3-year option for the same article published in 2019 and the metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019, 2018 and 2017.
Citation Benchmarking is provided by Scopus and SciVal and is different from the metrics context provided by PlumX Metrics.
Metrics Details
- Usage1
- Abstract Views1
Article Description
Dwtributed Denial of Service @Dos) attack is a critical threat to the Internet Currently, most ISPs merely rely on manual detection of DhS attacks after which amine linegrain trallic analysis is performed and new Ptering rules are installed manually to the routers The need of human intervention results in poor response time and fails to protect the victim before severe damages are realized The expressiveness of existing tiltering rules is also too limited and rigid when compared to the ever-evolving characteristics of the attacking packets. Recently, we have proposed a DhS defense architecture that supports distributed detection and automated on-line attack characterizatioa In this paper, we will focus on the design and evaluation of the automated attack characterization, selective packet discarding and overload control portion of the proposed architecture. Our key idea is to prioritize packeb based on a perpacket score which estimates the legitimacy of a packet given the amibute values it carries. Special considerations are made to ensure that the scheme is amenable to high-sped hardware implementation. Once the score of a packet is computed, we perform score-based selective packet discarding where the dropping threshold is dynamically adjusted based on (1) the score distribution of recent incoming packets and (2) the current level of overload of the system.
Bibliographic Details
Provide Feedback
Have ideas for a new metric? Would you like to see something else here?Let us know