---
_id: '3694'
abstract:
- lang: eng
text: Distributed Denial of Service (DDoS) attacks are today the most destabilizing
factor in the global internet and there is a strong need for sophisticated solutions.
We introduce a formal statistical framework and derive a Bayes optimal packet
classifier from it. Our proposed practical algorithm "Adaptive History-Based
IP Filtering" (AHIF) mitigates DDoS attacks near the victim and outperforms
existing methods by at least 32% in terms of collateral damage. Furthermore, it
adjusts to the strength of an ongoing attack and ensures availability of the attacked
server. In contrast to other adaptive solutions, firewall rulesets used to resist
an attack can be precalculated before an attack takes place. This ensures an immediate
response in a DDoS emergency. For evaluation, simulated DDoS attacks and two real-world
user traffic datasets are used.
author:
- first_name: Markus
full_name: Goldstein,Markus
last_name: Goldstein
- first_name: Christoph
full_name: Christoph Lampert
id: 40C20FD2-F248-11E8-B48F-1D18A9856A87
last_name: Lampert
orcid: 0000-0001-8622-7887
- first_name: Matthias
full_name: Reif,Matthias
last_name: Reif
- first_name: Armin
full_name: Stahl,Armin
last_name: Stahl
- first_name: Thomas
full_name: Breuel,Thomas M
last_name: Breuel
citation:
ama: 'Goldstein M, Lampert C, Reif M, Stahl A, Breuel T. Bayes optimal DDoS mitigation
by adaptive history-based IP filtering. In: IEEE; 2008:174-179. doi:10.1109/ICN.2008.64'
apa: 'Goldstein, M., Lampert, C., Reif, M., Stahl, A., & Breuel, T. (2008).
Bayes optimal DDoS mitigation by adaptive history-based IP filtering (pp. 174–179).
Presented at the ICN: International Conference on Networking, IEEE. https://doi.org/10.1109/ICN.2008.64'
chicago: Goldstein, Markus, Christoph Lampert, Matthias Reif, Armin Stahl, and Thomas
Breuel. “Bayes Optimal DDoS Mitigation by Adaptive History-Based IP Filtering,”
174–79. IEEE, 2008. https://doi.org/10.1109/ICN.2008.64.
ieee: 'M. Goldstein, C. Lampert, M. Reif, A. Stahl, and T. Breuel, “Bayes optimal
DDoS mitigation by adaptive history-based IP filtering,” presented at the ICN:
International Conference on Networking, 2008, pp. 174–179.'
ista: 'Goldstein M, Lampert C, Reif M, Stahl A, Breuel T. 2008. Bayes optimal DDoS
mitigation by adaptive history-based IP filtering. ICN: International Conference
on Networking, 174–179.'
mla: Goldstein, Markus, et al. Bayes Optimal DDoS Mitigation by Adaptive History-Based
IP Filtering. IEEE, 2008, pp. 174–79, doi:10.1109/ICN.2008.64.
short: M. Goldstein, C. Lampert, M. Reif, A. Stahl, T. Breuel, in:, IEEE, 2008,
pp. 174–179.
conference:
name: 'ICN: International Conference on Networking'
date_created: 2018-12-11T12:04:39Z
date_published: 2008-04-13T00:00:00Z
date_updated: 2021-01-12T07:49:01Z
day: '13'
doi: 10.1109/ICN.2008.64
extern: 1
main_file_link:
- open_access: '0'
url: http://pub.ist.ac.at/~chl/papers/goldstein-icn2008.pdf
month: '04'
page: 174 - 179
publication_status: published
publisher: IEEE
publist_id: '2671'
quality_controlled: 0
status: public
title: Bayes optimal DDoS mitigation by adaptive history-based IP filtering
type: conference
year: '2008'
...