--- _id: '3694' abstract: - lang: eng text: Distributed Denial of Service (DDoS) attacks are today the most destabilizing factor in the global internet and there is a strong need for sophisticated solutions. We introduce a formal statistical framework and derive a Bayes optimal packet classifier from it. Our proposed practical algorithm "Adaptive History-Based IP Filtering" (AHIF) mitigates DDoS attacks near the victim and outperforms existing methods by at least 32% in terms of collateral damage. Furthermore, it adjusts to the strength of an ongoing attack and ensures availability of the attacked server. In contrast to other adaptive solutions, firewall rulesets used to resist an attack can be precalculated before an attack takes place. This ensures an immediate response in a DDoS emergency. For evaluation, simulated DDoS attacks and two real-world user traffic datasets are used. author: - first_name: Markus full_name: Goldstein,Markus last_name: Goldstein - first_name: Christoph full_name: Christoph Lampert id: 40C20FD2-F248-11E8-B48F-1D18A9856A87 last_name: Lampert orcid: 0000-0001-8622-7887 - first_name: Matthias full_name: Reif,Matthias last_name: Reif - first_name: Armin full_name: Stahl,Armin last_name: Stahl - first_name: Thomas full_name: Breuel,Thomas M last_name: Breuel citation: ama: 'Goldstein M, Lampert C, Reif M, Stahl A, Breuel T. Bayes optimal DDoS mitigation by adaptive history-based IP filtering. In: IEEE; 2008:174-179. doi:10.1109/ICN.2008.64' apa: 'Goldstein, M., Lampert, C., Reif, M., Stahl, A., & Breuel, T. (2008). Bayes optimal DDoS mitigation by adaptive history-based IP filtering (pp. 174–179). Presented at the ICN: International Conference on Networking, IEEE. https://doi.org/10.1109/ICN.2008.64' chicago: Goldstein, Markus, Christoph Lampert, Matthias Reif, Armin Stahl, and Thomas Breuel. “Bayes Optimal DDoS Mitigation by Adaptive History-Based IP Filtering,” 174–79. IEEE, 2008. https://doi.org/10.1109/ICN.2008.64. ieee: 'M. Goldstein, C. Lampert, M. Reif, A. Stahl, and T. Breuel, “Bayes optimal DDoS mitigation by adaptive history-based IP filtering,” presented at the ICN: International Conference on Networking, 2008, pp. 174–179.' ista: 'Goldstein M, Lampert C, Reif M, Stahl A, Breuel T. 2008. Bayes optimal DDoS mitigation by adaptive history-based IP filtering. ICN: International Conference on Networking, 174–179.' mla: Goldstein, Markus, et al. Bayes Optimal DDoS Mitigation by Adaptive History-Based IP Filtering. IEEE, 2008, pp. 174–79, doi:10.1109/ICN.2008.64. short: M. Goldstein, C. Lampert, M. Reif, A. Stahl, T. Breuel, in:, IEEE, 2008, pp. 174–179. conference: name: 'ICN: International Conference on Networking' date_created: 2018-12-11T12:04:39Z date_published: 2008-04-13T00:00:00Z date_updated: 2021-01-12T07:49:01Z day: '13' doi: 10.1109/ICN.2008.64 extern: 1 main_file_link: - open_access: '0' url: http://pub.ist.ac.at/~chl/papers/goldstein-icn2008.pdf month: '04' page: 174 - 179 publication_status: published publisher: IEEE publist_id: '2671' quality_controlled: 0 status: public title: Bayes optimal DDoS mitigation by adaptive history-based IP filtering type: conference year: '2008' ...