Optimal path identification to defend against DDoS attacks
A novel packet marking scheme,optimal path identification(OPi),was proposed to defend against DDoS at-tacks.Instead of using fixed 1 or 2 bit in previous schemes,in OPi a router deduces the traveling distance of an arrived packet by its TTL value and inserts a variable-length marking of 1~16 bit int...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2008-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74653160/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | A novel packet marking scheme,optimal path identification(OPi),was proposed to defend against DDoS at-tacks.Instead of using fixed 1 or 2 bit in previous schemes,in OPi a router deduces the traveling distance of an arrived packet by its TTL value and inserts a variable-length marking of 1~16 bit into the packet.The marking field is filled completely even the path is very short and the distinguishability is improved.OPi outperforms previous schemes,espe-cially when attacker paths adjoin user paths seriously.To obtain better performance,an OPi+TTL filtering strategy was proposed to frustrate attackers’ tries with spoofed initial TTL values.Theoretical analyses and simulations with actual Internet topologies show OPi performs excellently. |
|---|---|
| ISSN: | 1000-436X |