An Active DDoS Defense Model Based on Packet Marking

Author

Zhang, Yongping ; Wan, Zhuqing ; Wu, Mingming

Author_Institution

Sch. of Comput. Sci. & Technol., China Univ. of Min. & Technol., Xuzhou, China

Volume

1

fYear

2009

fDate

28-30 Oct. 2009

Firstpage

435

Lastpage

438

Abstract

In the light of that the defense against DDoS attacks is difficult, an active DDoS defense model based on packet marking is proposed in this paper. The model is composed of the subsystem of the tracking of the attacks and the subsystem of filtering of the attack flows. The function of the former is to reconstruct the attack paths using the information from the marked packets while the function of the later is to filter the attacking packets according to the information obtained from the former. The model has a higher efficiency in reconstructing attack path by using a novel authenticated packet marking scheme for IP trace-back. So, it can correspond to the attack flow in a short time. In addition, flow detection and neural network is also used in the model so that the model is more powerful in the functions of identification and filtering of attack packets and protection of the legitimate flows.

Keywords

information filtering; message authentication; neural nets; IP trace-back; active DDoS defense model; attack flow filtering; attack packet filtering identification; authenticated packet marking scheme; flow detection; legitimate flow protection; neural network; Active filters; Computer crime; Computer science; Electronic mail; Information filtering; Information filters; Neural networks; Protection; Telecommunication traffic; Traffic control; DDoS attack; active defense; neural network Introduction; packet filtering; packet marking;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Engineering, 2009. WCSE '09. Second International Workshop on

Conference_Location

Qingdao

Print_ISBN

978-0-7695-3881-5

Type

conf

DOI

10.1109/WCSE.2009.704

Filename

5403249