DDoS defense with IP traceback and path identification

DDoS defense with IP traceback and path identification

A novel idea to combine both IP traceback and path identification(Pi) was proposed,and malicious packets could be identified and filtered at located upstream nodes.Then a practical packet marking and filtering scheme was proposed.The nodes along the path out of the destination domain deployed Pi.Mea...

Full description

Saved in:
Bibliographic Details
Main Authors: JIN Guang, ZHANG Fei, QIAN Jiang-bo, ZHANG Hong-hao
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2011-01-01
Series:Tongxin xuebao
Subjects:
network scurity
DDoS attacks
defense
deterministic packet marking
filtering
Online Access:http://www.joconline.com.cn/zh/article/74418705/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A novel idea to combine both IP traceback and path identification(Pi) was proposed,and malicious packets could be identified and filtered at located upstream nodes.Then a practical packet marking and filtering scheme was proposed.The nodes along the path out of the destination domain deployed Pi.Meanwhile the border router of the destination domain deployed the traceback marking scheme.The victim could retrieve related information from arrived malicious packets.Then Pi-based filtering could be implemented at the border ingresses.A practical marking,storing and filtering scheme was provided in detail.The results of large-scale simulations with authoritative Internet topologies show the scheme is effective to alleviate attack impacts on the victim and upstream links in the destination domain.
ISSN:1000-436X

Similar Items