Title :
A Pi2HC mechanism against DDoS attacks
Author :
Jin, Guang ; Li, Yuan ; Zhang, Huizhan ; Qian, Jiangbo
Author_Institution :
Coll. of Inf. Sci. & Eng., Ningbo Univ., Ningbo
Abstract :
Distributed denial of service (DDoS) attacks pose a major threat to today´s cyber security. Defense against these attacks is complicated by source IP address spoofing. The Path Identification (Pi) mechanism is a promising technique to defend against DDoS attacks with IP spoofing. In the Pi scheme, each router marks forwarding packets to generate particular identifiers corresponding to different paths, which can be used to distinguish between malicious packets and legitimate ones. To improve the previous Pi scheme, we suggest that the victim record not only the Pi mark of each packet but also its hop count (HC). Thus the victim can use the <Pi, HC> tuple to identify and discard malicious packets instead of Pi more effectively. By theoretical analysis and simulations based on actual Internet topologies, we demonstrate our scheme, Pi2HC, outperforms previous Pi. We also show that Pi2HC is robust against spoofed initial time-to-live (TTL) values by sophisticated attackers.
Keywords :
IP networks; Internet; security of data; telecommunication network topology; DDoS attacks; IP spoofing; Internet topologies; Pi2HC mechanism; denial of service; hop count; malicious packets; path identification mechanism; spoofed initial time-to-live; Analytical models; Computer crime; Computer security; Educational institutions; Information filtering; Information filters; Information science; Internet; Robustness; Topology; DDoS; Hop Count; Internet Security; Path Identification; TTL;
Conference_Titel :
Communications and Networking in China, 2008. ChinaCom 2008. Third International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-1-4244-2373-6
Electronic_ISBN :
978-1-4244-2374-3
DOI :
10.1109/CHINACOM.2008.4685008
