DocumentCode
2291860
Title
A new marking scheme to defend against distributed denial of service attacks
Author
Gao, Zhiqiang ; Ansari, Nirwan ; Anantharam, Karunakar
Author_Institution
Dept. of Electr. & Comput. Eng., New Jersey Inst. of Technol., Newark, NJ, USA
Volume
4
fYear
2004
fDate
29 Nov.-3 Dec. 2004
Firstpage
2256
Abstract
In this paper, we propose a new mechanism to defend against distributed denial of service (DDoS) attacks with path information rather than IP address information. Instead of the complete binary tree model, our proposal is based on the four color theorem. The salient feature of the theorem is that it allows color reuse so that even if some portions of the map have more than 4 neighbors, 4 colors are still sufficient to mark all their borders. This idea of reuse is very important because some routers have many interfaces and the length of the ID field in the header of an IP packet, where the marking information is embedded, is very limited. Furthermore, our marking scheme takes the Internet hierarchy into account, and greatly relaxes the limitation on the number of interfaces of routers, thus making the scheme more practical. Simulation results have validated our design.
Keywords
Internet; computer network management; routing protocols; security of data; telecommunication security; DDoS attacks; Internet hierarchy; color reuse; distributed denial of service attacks; four color theorem; marking scheme; path information; router interfaces; Binary trees; Cellular neural networks; Computer crime; Information security; Resists; Robustness; Web and internet services; Web server;
fLanguage
English
Publisher
IEEE
Conference_Titel
Global Telecommunications Conference, 2004. GLOBECOM '04. IEEE
Print_ISBN
0-7803-8794-5
Type
conf
DOI
10.1109/GLOCOM.2004.1378410
Filename
1378410