Research Article
A Pi2HC Mechanism against DDoS Attacks
@INPROCEEDINGS{10.1109/CHINACOM.2008.4685008,
  author={Guang Jin and Yuan Li and Huizhan Zhang and Jiangbo Qian},
  title={A Pi2HC Mechanism against DDoS Attacks},
  proceedings={ChinaCom2008-Network and Information Security Symposium},
  publisher={IEEE},
  proceedings_a={CHINACOM2008-NIS},
  year={2008},
  month={11},
  keywords={Internet Security; DDoS; Path Identification; TTL; Hop Count},
  doi={10.1109/CHINACOM.2008.4685008}
}
- Guang Jin
- Yuan Li
- Huizhan Zhang
- Jiangbo Qian
Year: 2008
CHINACOM2008-NIS
IEEE
DOI: 10.1109/CHINACOM.2008.4685008
Abstract
Distributed Denial of Service (DDoS) attacks pose a major threat to today's cyber security. Defense against these attacks is complicated by source IP address spoofing. The Path Identification (Pi) mechanism is a promising technique to defend against DDoS attacks with IP spoofing. In the Pi scheme, each router marks the packets it forwards to generate particular identifiers corresponding to different paths, which can be used to distinguish between malicious packets and legitimate ones. To improve the previous Pi scheme, we suggest that the victim record not only the Pi mark of each packet but also its hop count (HC). Thus the victim can use the (Pi, HC) tuple, instead of Pi alone, to identify and discard malicious packets more effectively. By theoretical analysis and simulations based on actual Internet topologies, we demonstrate that our scheme, Pi2HC, outperforms the previous Pi scheme. We also show that Pi2HC is robust against spoofed initial Time-to-Live (TTL) values set by sophisticated attackers.