Mitigating DoS Attack Through Selective Bin Verification

We propose and evaluate a defense against DoS attacks which we call selective bin verification. Unlike existing approaches, selective bin verification requires no router modifications and tolerates large DoS attacks, even when attack packets are able to permeate the network and reach the target of their attack. We verify the practicality and effectiveness of our technique by implementing an experimental testbed in which selective bin verification is successfully used to protect against even large DoS attacks. We formally describe the mathematical properties of our approach and delineate "tuning" parameters for customizing the defense against varying attack strengths.