ACtive edge-Tagging (ACT): an intruder identification and isolation scheme in active networks

As client/server-based network communications becomes ever-increasingly widespread with the rapid growth of the Internet, security problems have emerged as one of the most pressing issues in the Internet community. Despite the best effort of the Internet community to minimize security problems, vulnerabilities in the network still exist, and various lapses in security have demonstrated the destruction of data integrity and resource availability in the Internet. In particular, a series of occurrences of distributed denial of service (DDoS) have proven to be a challenging issue for Internet service providers (ISPs) and content providers alike. We present a novel approach, ACtive edgeTagging (ACT), which facilitates the handling of source-spoofed attacks by effectively detecting, identifying, and isolating intrusions in the network layer. Unlike the existing solutions, ACT deals with the targeted attacks efficiently without over-bearing requirements or mandatory participation of every individual network in the Internet. ACT is particularly effective for identifying and isolating attackers employing DDoS type of intrusion schemes, and it is highly scalable and extensible as well as feasible to implement in large-scale networks such as the global Internet