Title :
A new border filtering scheme against DDoS attacks
Author :
Fei Zhang ; Jin, Guang ; Zhang, Honghao ; Xie, Zhijun
Author_Institution :
Coll. of Inf. Sci. & Eng., Ningbo Univ., Ningbo, China
Abstract :
There are two types of packet marking techniques in DDoS attacks defense. IP traceback reconstructs attack paths and entrance nodes, while path identification enables the victim identify and filter effectively malicious packets. In this paper, we propose an idea of organic combination of both that the upstream nodes identify and filter malicious packets. We specifically design a new packet marking and filtering scheme. Along the path, the nodes before the border routers mark packets with path identification scheme while the border nodes mark packets with IP traceback scheme. The victim can extract and reconstruct the relevant information from malicious arrived packets, and then notify the attack entrance nodes, i.e., the border routers, to filter malicious packets based on marking information. Large-scale simulation results based on actual Internet topology show that our defense scheme is better, and reduce effectively the impact of the attack on the victim and the upstream link inside autonomous system.
Keywords :
IP networks; Internet; computer network security; filtering theory; DDoS attacks defense; IP traceback; Internet topology; autonomous system; border filtering scheme; border routers; distributed denial of service; malicious packets filtering; packet marking techniques; path identification; Computer crime; Educational institutions; Information analysis; Information filtering; Information filters; Information science; Intelligent transportation systems; Internet; Large-scale systems; Power electronics; Deterministic Packet Marking; Distributed Denial of Service; Filter; Internet security;
Conference_Titel :
Power Electronics and Intelligent Transportation System (PEITS), 2009 2nd International Conference on
Conference_Location :
Shenzhen
Print_ISBN :
978-1-4244-4544-8
DOI :
10.1109/PEITS.2009.5407003
