Title :
Small DDoS defense system using routing deployment method
Author :
Kang, Ho-Seok ; Kim, Sung-Ryul
Author_Institution :
Div. of Internet & Media Eng., Konkuk Univ., Seoul, South Korea
Abstract :
The defense systems for DDoS(Distributed Denial of Service) attacks are getting more advanced. Where to place the system is a key issue. Shield[1] brings up deployment problem and is made with traffic trapping and traffic black-holing techniques. In this paper, a framework for redirection and filtering that works within an AS(Autonomous System) is proposed, while the Shield works outside an AS. This system allows precise traffic redirection and detection using routing update of RIP, a widely-used IGP(Interior Gateway Protocol). We describe our system using the five DDoS attack scenarios and three-phase modes of operation within an AS.
Keywords :
computer network security; routing protocols; telecommunication traffic; AS; DDoS attack scenarios; DDoS defense system; IGP; RIP; autonomous system; distributed denial of service; interior gateway protocol; routing deployment method; routing update; traffic black-holing techniques; traffic detection; traffic redirection; traffic trapping; Charge carrier processes; Computer crime; Filtering; Internet; Protocols; Routing; DDoS; RIP; routing update; traffic deflection;
Conference_Titel :
Internet Security (WorldCIS), 2012 World Congress on
Conference_Location :
Guelph, ON
Print_ISBN :
978-1-4673-1108-3
