Sleiman Itani

American University of Beirut, Beirut, Mohafazat Beyrouth, Lebanon

Are you Sleiman Itani?

Claim your profile

Publications (2)0 Total impact

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Summary form only given. Distributed Denials of Service (DDoS) attacks have become a real threat to the security of the Internet. Defending against DDoS is a challenging job, due to the use of IP spoofing and the destination-based routing of the Internet. Many solutions have been proposed, but none is able to completely stop an intense attack. In this paper, we propose a new defense mechanism, neighbor stranger discrimination (NSD), which is capable of stopping or significantly reducing the intensity of a DDoS attack. NSD can be incrementally deployed and satisfactory results are achieved even when it is implemented on a small percentage, 10% to 20%, of the Internet routers. The overhead of installing NSD on a certain router is low in terms of additional storage and processing load. Unlike other defense strategies, NSD produces no false positives while reducing false negatives. Being router-based, NSD also stops reflected DDoS attacks (RDDoS) since it discards the spoofed packets before they reach the reflectors.
    Computer Systems and Applications, 2005. The 3rd ACS/IEEE International Conference on; 02/2005
  • Source
    Najwa Aaaraj, Sleiman Itani, Darine Abdelahad
    [Show abstract] [Hide abstract]
    ABSTRACT: Distributed Denial of Service (DDoS) attacks have become a real threat to the security of the Internet. Defending against those types of attacks is not a trivial job, mainly due to the use of IP spoofing and the destination-based routing of the Internet. A significant number of solutions have been proposed, but none -to our knowledge- is able to stop an intense attack. In this paper we propose a new defense mechanism, Neighbor Stranger Discrimination (NSD), which, we believe, is capable of stopping or significantly reducing the intensity of a DDoS attack. NSD can be incrementally deployed and satisfactory results are achieved even when it is implemented on a small percentage of the Internet routers. The overload of installing NSD on a certain router is low in terms of additional storage and processing power. Unlike other defense strategies, NSD produces negligible false positives besides reducing false negatives. Being router-based, NSD also fights reflected DDOS attacks (RDDoS) since it discards the spoofed packets before they reach the reflectors. In the paper, we explain our approach theoretically and then we present the simulations we have run to test it.

Publication Stats

3 Citations

Top Journals

Institutions

  • 2005
    • American University of Beirut
      • Department of Electrical and Computer Engineering
      Beirut, Mohafazat Beyrouth, Lebanon