A Defense Framework against DDoS in a Multipath Network Environment
关键词:
摘要: The Internet is facing a major threat, consisting of disruption to services caused by distributed denial-of-service (DDoS) attacks. This kind attacks continues evolve over the past two decades and they are well known significantly affect companies businesses. DDoS popular choice among attackers community. Such attack can easily exhaust computing communication resources its victim within short period time. Many approaches countering have been proposed, but few addressed use multipath. In this paper, we analyze, how multipath routing based solutions could be used address problem. proposed framework traces back source blocks it. It also calculates multiple paths attacker (if exist) alerts all gateways near block possible traffic originating from in case another path(s) (are) later again. We demonstrate that our scheme performs better other single path schemes.
core.ac.uk
sci-hub.st 参考文章(29)
Ari Juels, John G. Brainard, Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks. network and distributed system security symposium. ,(1999)
Steven Michael Bellovin, John Ioannidis, Implementing Pushback : Router-Based Defense Against DDoS Attacks network and distributed system security symposium. ,(2002) , 10.7916/D8R78MXV
Adam Stubblefield, Drew Dean, Using client puzzles to protect TLS usenix security symposium. pp. 1- 1 ,(2001)
D. Senie, P. Ferguson, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing RFC 2827-BCP 38. ,vol. 2267, pp. 1- 10 ,(1998)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson, Practical network support for IP traceback acm special interest group on data communication. ,vol. 30, pp. 295- 306 ,(2000) , 10.1145/347057.347560
Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, Scott Shenker, DDoS defense by offense ACM Transactions on Computer Systems. ,vol. 28, pp. 3- ,(2010) , 10.1145/1731060.1731063
Minho Sung, Jun Xu, IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks IEEE Transactions on Parallel and Distributed Systems. ,vol. 14, pp. 861- 872 ,(2003) , 10.1109/TPDS.2003.1233709
Hakem Beitollahi, Geert Deconinck, A Cooperative Mechanism to Defense against Distributed Denial of Service Attacks trust security and privacy in computing and communications. pp. 11- 20 ,(2011) , 10.1109/TRUSTCOM.2011.6
P. Sowkarthiga, N. Suguna, Finding the DDoS attacks in the network using distance based routing international conference on current trends in engineering and technology. pp. 410- 412 ,(2013) , 10.1109/ICCTET.2013.6675999
Shigang Chen, Yong Tang, Wenliang Du, Stateful DDoS attacks and targeted filtering Journal of Network and Computer Applications. ,vol. 30, pp. 823- 840 ,(2007) , 10.1016/J.JNCA.2005.07.007