Taksonomi Mekanisme Pertahanan DDoS

Klasifikasi berdasarkan Level Aktifitas

  1. Mekanisme Preventif
  2. Mekanisme Reaktif

Mekanisme Preventif dapat dibagi menjadi :

  1. Mekanisme Pencegahan Serangan
  2. Mekanisme Pencegahan DoS

Mekanisme Pencegahan Serangan dapat dibagi menjadi :

  • Klasifikasi Pengamanan Target
  1. Mekanisme Keamanan Sistem
  2. Mekanisme Keamanan Protokol

Mekanisme Pencegahan DoS dapat dibagi menjadi :

  • Klasifikasi Metode Pencegahan
  1. Mekanisme Akunting Sumber Daya
  2. Mekanisme Penggandaan Sumber Daya

Mekanisme Reaktif dapat dibagi menjadi :

  • Klasifikasi Berdasarkan Strategi Deteksi
  1. Mekanisme dengan Deteksi Pola Serangan
  2. Mekanisme dengan Deteksi Anomali Serangan
  3. Mekanisme dengan Deteksi Hybrid Serangan
  4. Mekanisme dengan Deteksi Serangan Pihak Ketiga
  • Klasifikasi berdasarkan Strategi Respon
  1. Mekanisme Deteksi Agen
  2. Mekanisme Pembatasan Rate
  3. Mekanisme Filtering
  4. Mekanisme Rekonfigurasi
  • Klasifikasi berdasarkan Tingkat Kerjasama
  1. Mekanisme Otonomi
  2. Mekanisme Kooperatif
  3. Mekanisme Saling Keterkaitan

Klasifikasi lain adalah berdasarkan  Lokasi Penyebaran

  1. Mekanisme Jaringan Korban
  2. Mekanisme Jaringan Perantara
  3. Mekanisme Jaringan Sumber

Beberapa Referensi Lebih Jauh :

  • Tripwire, “Tripwire for Server”, http://www.tripwire.com/products/servers
  • McAfee,”Personal Firewall”, http://www.mcafee.com/myapps/firewall/ov_firewall.asp
  • McAfee,”VirusScan Online,” http://www.mcafee.com/myapps/vso/default.asp
  • S. Axelsson, “Intrusion detection systems: A survey and taxonomy,” Technical Report 99-15, Department of Computer Engineering, Chalmers University, March 2000.
  • Cisco, “Strategies to protect against distributed denial of service attacks,” http://www.cisco.com/warp/public/707/newsflash.html
  • J. Shapiro and N. Hardy, “EROS: A principle-driven operating system from the ground up,” IEEE Software, pp. 26-33, January/February 2002
  • E.O’Brien,”NetBouncer : A practical client-legitimacy-based DDoS defense via ingress filtering,”http://www.nai.com/research/nailabs/development-solutions/netbouncer.asp
  • J. Leiwo, P. Nikander, and T. Aura, “Towards network denial of service resistant protocols,” In Proceedings of the 15th
    International Information Security Conference (IFIP/SEC 2000), August 2000.
  • Cisco, “Strategies to protect against Distributed Denial of Service Attacks,”http://www.cisco.com/warp/public/707/newsflash.html
  • T. Aura, P. Nikander, and J. Leiwo, “DOS-resistant authentication with client puzzles,” In Proceedings of the 8th International Workshop on Security Protocols
  • C. Schuba, I. Krsul, M. Kuhn, G. Spafford, A. Sundaram, and D. Zamboni, “Analysis of a denial of service attack on TCP,” In
    Proceedings of the 1997 IEEE Symposium on Security and Privacy, May 1997.
  • A. Juels and J. Brainard, “Client puzzles: A cryptographic countermeasure against connection depletion attacks,” In Proceedings of the 1999 Networks and distributed system security symposium (NDSS’99), Mar 1999.
  • Y. L. Zheng and J. Leiwo, “A method to implement a denial of service protection base,” In Information Security and Privacy, volume 1270 of LNCS, pages 90–101, 1997.
  • O. Spatscheck and L. Peterson, “Defending against denial-of service requests in Scout,” In Proceedings of the 1999 USENIX/ACM Symposium on Operating System Design and Implementation, February 1999.
  • A. Garg and A. L. Narasimha Reddy, “Mitigating denial of service attacks using QoS regulation,” Texas A & M University Tech report, TAMU-ECE-2001-06
  • F. Lau, S. H. Rubin, M. H. Smith, and Lj. Trajkovic, “Distributed denial of service attacks,” In Proceedings of 2000 IEEE International Conference on Systems, Man, and Cybernetics, October 2000.