A Defense Framework against DDoS in a Multipath Network Environment  

作　　者：Ahmed Redha Mahlous 

机构地区：[1]Department of Computer and Information Sciences, Prince Sultan University, Riyadh, Saudi Arabia

出　　处：《Communications and Network》2015年第2期106-116,共11页通讯与网络（英文）

摘　　要：The Internet is facing a major threat, consisting of a disruption to services caused by distributed denial-of-service (DDoS) attacks. This kind of attacks continues to evolve over the past two decades and they are well known to significantly affect?companies and businesses. DDoS is a popular choice among attackers community. Such attack can easily exhaust the computing and communication resources of its victim within a short period of time. Many approaches to countering DDoS attacks have been proposed, but few have addressed the use of multipath. In this paper, we analyze, how multipath routing based solutions could be used to address the DDoS problem. The proposed framework traces back the attack to its source and blocks it. It also calculates multiple paths to the attacker (if they exist) and alerts all gateways near the attacker to block possible traffic originating from this source in case another path(s) is (are) later used to attack the victim again. We demonstrate that our scheme performs better that other single path schemes.The Internet is facing a major threat, consisting of a disruption to services caused by distributed denial-of-service (DDoS) attacks. This kind of attacks continues to evolve over the past two decades and they are well known to significantly affect?companies and businesses. DDoS is a popular choice among attackers community. Such attack can easily exhaust the computing and communication resources of its victim within a short period of time. Many approaches to countering DDoS attacks have been proposed, but few have addressed the use of multipath. In this paper, we analyze, how multipath routing based solutions could be used to address the DDoS problem. The proposed framework traces back the attack to its source and blocks it. It also calculates multiple paths to the attacker (if they exist) and alerts all gateways near the attacker to block possible traffic originating from this source in case another path(s) is (are) later used to attack the victim again. We demonstrate that our scheme performs better that other single path schemes.

关 键 词：DDOS MULTIPATH FILTERING TRACEBACK 

分 类 号：R73[医药卫生—肿瘤]