Marking-Based Source Identification Scheme for Defending Against DDoS Attacks

• Main Authors: Kang-Hsien Chou, 周剛賢
• Other Authors: Shiuh-Pyng Shieh
• Format: Others
• Language: en_US
• Published: 2003
• Online Access: http://ndltd.ncl.edu.tw/handle/60366247919543570021

碩士 === 國立交通大學 === 資訊工程系 === 91 === Distributed Denial of Service (DDoS) attacks still threaten the Internet. The difficult part in defending against DDoS attacks is the source IP address of attack packets are spoofed. While defending against DDoS attacks, the most important point is to identify the legitimate traffic and attack traffic. In our observation, we find that traffic converge toward the destination from sources, so it is easier to observe the difference of packets come from different sources while packets are far away from the destination. Therefore, a marking-based source identification scheme that can distinguish packets come from different sources obviously so that the victim can filter attack packets effectively is proposed. To verify the proposed scheme, we use the real Internet topologies (CAIDA’s Skitter map and Burch and Cheswick’s Internet map) to simulate DDoS attacks. The simulation results show the significant improvement of legitimate traffic throughput during DDoS attacks. Moreover, the simulation results also demonstrate the scheme is also effective even if not all routers support the marking scheme.