Optimal path identification to defend against DDoS attacks
A novel packet marking scheme,optimal path identification(OPi),was proposed to defend against DDoS at-tacks.Instead of using fixed 1 or 2 bit in previous schemes,in OPi a router deduces the traveling distance of an arrived packet by its TTL value and inserts a variable-length marking of 1~16 bit int...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2008-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74653160/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841537553699700736 |
|---|---|
| author | JIN Guang1 YANG Jian-gang1 LI Yuan2 ZHANG Hui-zhan2 |
| author_facet | JIN Guang1 YANG Jian-gang1 LI Yuan2 ZHANG Hui-zhan2 |
| author_sort | JIN Guang1 |
| collection | DOAJ |
| description | A novel packet marking scheme,optimal path identification(OPi),was proposed to defend against DDoS at-tacks.Instead of using fixed 1 or 2 bit in previous schemes,in OPi a router deduces the traveling distance of an arrived packet by its TTL value and inserts a variable-length marking of 1~16 bit into the packet.The marking field is filled completely even the path is very short and the distinguishability is improved.OPi outperforms previous schemes,espe-cially when attacker paths adjoin user paths seriously.To obtain better performance,an OPi+TTL filtering strategy was proposed to frustrate attackers’ tries with spoofed initial TTL values.Theoretical analyses and simulations with actual Internet topologies show OPi performs excellently. |
| format | Article |
| id | doaj-art-896993039ae849ef8d058963f33637a9 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2008-01-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-896993039ae849ef8d058963f33637a92025-01-14T08:30:59ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2008-01-01465374653160Optimal path identification to defend against DDoS attacksJIN Guang1YANG Jian-gang1LI Yuan2ZHANG Hui-zhan2A novel packet marking scheme,optimal path identification(OPi),was proposed to defend against DDoS at-tacks.Instead of using fixed 1 or 2 bit in previous schemes,in OPi a router deduces the traveling distance of an arrived packet by its TTL value and inserts a variable-length marking of 1~16 bit into the packet.The marking field is filled completely even the path is very short and the distinguishability is improved.OPi outperforms previous schemes,espe-cially when attacker paths adjoin user paths seriously.To obtain better performance,an OPi+TTL filtering strategy was proposed to frustrate attackers’ tries with spoofed initial TTL values.Theoretical analyses and simulations with actual Internet topologies show OPi performs excellently.http://www.joconline.com.cn/zh/article/74653160/Internet securityDDoS attackpacket markingpath identification |
| spellingShingle | JIN Guang1 YANG Jian-gang1 LI Yuan2 ZHANG Hui-zhan2 Optimal path identification to defend against DDoS attacks Tongxin xuebao Internet security DDoS attack packet marking path identification |
| title | Optimal path identification to defend against DDoS attacks |
| title_full | Optimal path identification to defend against DDoS attacks |
| title_fullStr | Optimal path identification to defend against DDoS attacks |
| title_full_unstemmed | Optimal path identification to defend against DDoS attacks |
| title_short | Optimal path identification to defend against DDoS attacks |
| title_sort | optimal path identification to defend against ddos attacks |
| topic | Internet security DDoS attack packet marking path identification |
| url | http://www.joconline.com.cn/zh/article/74653160/ |
| work_keys_str_mv | AT jinguang1 optimalpathidentificationtodefendagainstddosattacks AT yangjiangang1 optimalpathidentificationtodefendagainstddosattacks AT liyuan2 optimalpathidentificationtodefendagainstddosattacks AT zhanghuizhan2 optimalpathidentificationtodefendagainstddosattacks |