Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6–9, 2021, Proceedings, Part I

Research Article

Fine-Grained Intra-domain Bandwidth Allocation Against DDoS Attack

  • @INPROCEEDINGS{10.1007/978-3-030-90019-9_20,
        author={Lijia Xie and Shuang Zhao and Xiao Zhang and Yiming Shi and Xin Xiao and Zhiming Zheng},
        title={Fine-Grained Intra-domain Bandwidth Allocation Against DDoS Attack},
        proceedings={Security and Privacy in Communication Networks. 17th EAI International Conference, SecureComm 2021, Virtual Event, September 6--9, 2021, Proceedings, Part I},
        proceedings_a={SECURECOMM},
        year={2021},
        month={11},
        keywords={DDoS attack, Network capability, Fine-grained, Intra-domain, Bandwidth allocation},
        doi={10.1007/978-3-030-90019-9_20}
    }
    
  • Lijia Xie
    Shuang Zhao
    Xiao Zhang
    Yiming Shi
    Xin Xiao
    Zhiming Zheng
    Year: 2021
    Fine-Grained Intra-domain Bandwidth Allocation Against DDoS Attack
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-030-90019-9_20
Lijia Xie (1), Shuang Zhao (2), Xiao Zhang (1), Yiming Shi (1), Xin Xiao (1), Zhiming Zheng (1)
  • 1: Beihang University
  • 2: China Academy of Information and Communications Technology

Abstract

Multiple bandwidth reservation mechanisms based on network capability have been proposed to resolve Distributed Denial of Service (DDoS) attacks against the transit link. However, previous capability-based techniques are insufficient to provide accurate protection for legitimate users of contaminated domains. In this paper, we present FIBA, an intra-domain bandwidth allocation mechanism with fine-grained access control granularity. FIBA enables source domains to locally differentiate capability requests by measuring state according to two attributing factors. Moreover, FIBA can establish hierarchical channels for capability-requesting packets to isolate traffic from the same source domain. Our scheme is integrated with existing methods and can be optionally deployed by source domains. Finally, through network experiments, we evaluate FIBA and show that it can realize user-level DDoS protection even in a 90%-contaminated domain.