2nd International ICST Conference on Communications and Networking in China

Research Article

Resisting Network DDoS Attacks by Packet Asymmetry Path Marking

  • @INPROCEEDINGS{10.1109/CHINACOM.2007.4498433,
        author={Guang Jin and Jiangang Yang and Wei Wei and Yabo Dong},
        title={Resisting Network DDoS Attacks by Packet Asymmetry Path Marking},
        proceedings={2nd International ICST Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={CHINACOM},
        year={2008},
        month={4},
        keywords={Bandwidth; Computer crime; Computer science; Educational institutions; IP networks; Information science; Intrusion detection; Resists; Telecommunication traffic; Traffic control},
        doi={10.1109/CHINACOM.2007.4498433}
    }
    
Guang Jin1,2,*, Jiangang Yang1,*, Wei Wei1,*, Yabo Dong1,*
  • 1: College of Computer Science and Technology, Zhejiang University, Hangzhou, P.R. China, 310027.
  • 2: College of Information Science and Engineering, Ningbo University, Ningbo, P.R. China, 315211
*Contact email: d05jinguang@zju.edu.cn, yangjg@zju.edu.cn, wewei_tc@zju.edu.cn, dongyb@zju.edu.cn

Abstract

A novel packet marking scheme is proposed to defend against network (bandwidth) DDoS attacks, especially those in which the malicious packets are not addressed to the victim directly. A recent study shows that legitimate Internet traffic exhibits packet-level symmetry, while malicious flooding traffic is typically asymmetric. Our scheme uses this packet asymmetry to differentiate malicious from legitimate traffic. When a router transmits a packet towards a destination host, it calculates a packet asymmetry score, the ratio of packets transmitted to that host to packets received from it over the last interval, and adds the score to the value already carried in the packet header, so that marks accumulate along the path. Malicious packets therefore carry higher scores, since a flooded host returns few or no reverse packets. When marked packets arrive at a downstream router that has to drop packets because of congestion, the router drops the packets with the highest scores first. Simulation results show that the scheme is effective in defending against DDoS attacks that target network resources.
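The marking and dropping rules described in the abstract, as an added illustration that is not the authors' code or simulator. The model is discrete-time: an upstream router R1 marks every packet with tx/rx of the previous interval for the packet's destination, and a downstream router R2 with a congested output link keeps the lowest-marked packets and drops the rest. The `mark` header field, the flooring of rx at 1 for a silent destination (the abstract does not say how rx = 0 is handled), the one-reply-per-delivered-packet model for the victim V, and the traffic mix (two bots flooding a host H that shares V's bottleneck link, the case where the flood does not target the victim directly) are all assumptions made for this example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    kind: str          # "legit" or "flood": bookkeeping only, routers never read it
    mark: float = 0.0  # additive asymmetry score; a header field assumed for this example


class MarkingRouter:
    """Marks each forwarded packet with its destination's asymmetry score.

    tx[h] counts packets forwarded *to* host h and rx[h] packets forwarded
    *from* host h during the previous interval.  score = tx / rx, with rx
    floored at 1 so a host that never answers still yields a finite score
    (assumption; the abstract does not specify the rx == 0 case).
    """

    def __init__(self, name):
        self.name = name
        self.prev_tx, self.prev_rx = defaultdict(int), defaultdict(int)
        self.cur_tx, self.cur_rx = defaultdict(int), defaultdict(int)

    def score(self, host):
        return self.prev_tx[host] / max(self.prev_rx[host], 1)

    def forward(self, pkt):
        self.cur_tx[pkt.dst] += 1
        self.cur_rx[pkt.src] += 1
        pkt.mark += self.score(pkt.dst)   # additive: every hop adds its own score

    def end_interval(self):
        self.prev_tx, self.prev_rx = self.cur_tx, self.cur_rx
        self.cur_tx, self.cur_rx = defaultdict(int), defaultdict(int)


def congested_drop(pkts, capacity):
    """Downstream policy: keep the `capacity` lowest-marked packets, drop the
    rest.  The sort is stable, so equal marks degrade to tail drop."""
    ordered = sorted(pkts, key=lambda p: p.mark)
    return ordered[:capacity], ordered[capacity:]


def simulate(intervals=3, capacity=30, legit_rate=10, flood_rate=20):
    """Returns per-interval delivery/drop counts and the marks seen at R2."""
    r1, r2 = MarkingRouter("R1"), MarkingRouter("R2")
    results = []
    for i in range(intervals):
        # Constructed traffic for one interval: bots b1, b2 flood host H, and
        # client c1 talks to V; all of it crosses R1 then R2's congested link.
        forward = [Packet(b, "H", "flood") for b in ("b1", "b2") for _ in range(flood_rate)]
        forward += [Packet("c1", "V", "legit") for _ in range(legit_rate)]
        for p in forward:
            r1.forward(p)
        # Marks as they arrive at the downstream router (before R2 adds its own).
        legit_mark = max(p.mark for p in forward if p.kind == "legit")
        flood_mark = max(p.mark for p in forward if p.kind == "flood")
        kept, dropped = congested_drop(forward, capacity)
        for p in kept:
            r2.forward(p)
        # Reverse direction: V answers each packet it actually received; H is silent.
        for _ in range(sum(p.dst == "V" for p in kept)):
            reply = Packet("V", "c1", "legit")
            r2.forward(reply)
            r1.forward(reply)
        results.append({
            "interval": i + 1,
            "legit_mark": legit_mark,
            "flood_mark": flood_mark,
            "legit_delivered": sum(p.kind == "legit" for p in kept),
            "legit_dropped": sum(p.kind == "legit" for p in dropped),
            "flood_delivered": sum(p.kind == "flood" for p in kept),
            "flood_dropped": sum(p.kind == "flood" for p in dropped),
        })
        r1.end_interval()
        r2.end_interval()
    return results


if __name__ == "__main__":
    for row in simulate():
        print(row)
```

In the first interval no history exists, every mark is 0 and R2 falls back to tail drop, so the legitimate packets at the back of the queue are lost. From the second interval on, R1 scores V's traffic by its request/reply ratio while H's flood has no reverse packets, and R2's drops fall entirely on the flood; once V's replies are flowing the legitimate mark settles at 1.0.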