Marking-Based Source Identification Scheme for Defending Against DDoS Attacks
碩士 === 國立交通大學 === 資訊工程系 === 91 === Distributed Denial of Service (DDoS) attacks still threaten the Internet. The difficult part in defending against DDoS attacks is the source IP address of attack packets are spoofed. While defending against DDoS attacks, the most important point is to id...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: |
2003
|
Online Access: | http://ndltd.ncl.edu.tw/handle/60366247919543570021 |
id |
ndltd-TW-091NCTU0392081 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-091NCTU03920812016-06-22T04:14:05Z http://ndltd.ncl.edu.tw/handle/60366247919543570021 Marking-Based Source Identification Scheme for Defending Against DDoS Attacks 抵禦分散式阻斷服務攻擊之來源判別機制 Kang-Hsien Chou 周剛賢 碩士 國立交通大學 資訊工程系 91 Distributed Denial of Service (DDoS) attacks still threaten the Internet. The difficult part in defending against DDoS attacks is the source IP address of attack packets are spoofed. While defending against DDoS attacks, the most important point is to identify the legitimate traffic and attack traffic. In our observation, we find that traffic converge toward the destination from sources, so it is easier to observe the difference of packets come from different sources while packets are far away from the destination. Therefore, a marking-based source identification scheme that can distinguish packets come from different sources obviously so that the victim can filter attack packets effectively is proposed. To verify the proposed scheme, we use the real Internet topologies (CAIDA’s Skitter map and Burch and Cheswick’s Internet map) to simulate DDoS attacks. The simulation results show the significant improvement of legitimate traffic throughput during DDoS attacks. Moreover, the simulation results also demonstrate the scheme is also effective even if not all routers support the marking scheme. Shiuh-Pyng Shieh 謝續平 2003 學位論文 ; thesis 45 en_US |
collection |
NDLTD |
language |
en_US |
format |
Others
|
sources |
NDLTD |
description |
碩士 === 國立交通大學 === 資訊工程系 === 91 === Distributed Denial of Service (DDoS) attacks still threaten the Internet. The difficult part in defending against DDoS attacks is the source IP address of attack packets are spoofed. While defending against DDoS attacks, the most important point is to identify the legitimate traffic and attack traffic. In our observation, we find that traffic converge toward the destination from sources, so it is easier to observe the difference of packets come from different sources while packets are far away from the destination. Therefore, a marking-based source identification scheme that can distinguish packets come from different sources obviously so that the victim can filter attack packets effectively is proposed. To verify the proposed scheme, we use the real Internet topologies (CAIDA’s Skitter map and Burch and Cheswick’s Internet map) to simulate DDoS attacks. The simulation results show the significant improvement of legitimate traffic throughput during DDoS attacks. Moreover, the simulation results also demonstrate the scheme is also effective even if not all routers support the marking scheme.
|
author2 |
Shiuh-Pyng Shieh |
author_facet |
Shiuh-Pyng Shieh Kang-Hsien Chou 周剛賢 |
author |
Kang-Hsien Chou 周剛賢 |
spellingShingle |
Kang-Hsien Chou 周剛賢 Marking-Based Source Identification Scheme for Defending Against DDoS Attacks |
author_sort |
Kang-Hsien Chou |
title |
Marking-Based Source Identification Scheme for Defending Against DDoS Attacks |
title_short |
Marking-Based Source Identification Scheme for Defending Against DDoS Attacks |
title_full |
Marking-Based Source Identification Scheme for Defending Against DDoS Attacks |
title_fullStr |
Marking-Based Source Identification Scheme for Defending Against DDoS Attacks |
title_full_unstemmed |
Marking-Based Source Identification Scheme for Defending Against DDoS Attacks |
title_sort |
marking-based source identification scheme for defending against ddos attacks |
publishDate |
2003 |
url |
http://ndltd.ncl.edu.tw/handle/60366247919543570021 |
work_keys_str_mv |
AT kanghsienchou markingbasedsourceidentificationschemefordefendingagainstddosattacks AT zhōugāngxián markingbasedsourceidentificationschemefordefendingagainstddosattacks AT kanghsienchou dǐyùfēnsànshìzǔduànfúwùgōngjīzhīláiyuánpànbiéjīzhì AT zhōugāngxián dǐyùfēnsànshìzǔduànfúwùgōngjīzhīláiyuánpànbiéjīzhì |
_version_ |
1718315011336568832 |