University of Twente Student Theses


Impact-based optimisation of BGP Flowspec rules for DDoS attack mitigation

Bakker, D.R. (2019) Impact-based optimisation of BGP Flowspec rules for DDoS attack mitigation.

[img] PDF
Abstract:Distributed Denial of Service (DDoS) attacks aim to take Internet services offline and their frequency and scale is increasing. BGP Flowspec (RFC 5575) defines a protocol to rapidly deploy rules consisting of filters and actions on Internet traffic, and related research shows its potential for DDoS attack mitigation. The protocol allows for taking action on large volumes of traffic, but impact to end-users is imminent because of its low granularity in rule specification. In this paper, we provide a method for quantifying end-user impact of BGP Flowspec rules, including a practical solution to deploy rules into the network. The goal of this research is reducing end-user impact while mitigating an ongoing DDoS attack using BGP Flowspec.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science BSc (56964)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page