ChinaCom2008-Network and Information Security Symposium

Research Article

A Pi2HC Mechanism against DDoS Attacks

  • @INPROCEEDINGS{10.1109/CHINACOM.2008.4685008,
        author={Guang Jin and Yuan Li and Huizhan Zhang and Jiangbo Qian},
        title={A Pi2HC Mechanism against DDoS Attacks},
        proceedings={ChinaCom2008-Network and Information Security Symposium},
        publisher={IEEE},
        proceedings_a={CHINACOM2008-NIS},
        year={2008},
        month={11},
        keywords={Internet Security; DDoS; Path Identification; TTL; Hop Count},
        doi={10.1109/CHINACOM.2008.4685008}
    }
    
Guang Jin1,*, Yuan Li1,*, Huizhan Zhang1,*, Jiangbo Qian1,*
  • 1: College of Information Science and Engineering, Ningbo University, Ningbo, China, 315211
*Contact email: jinguang@nbu.edu.cn, g06b08120302@email.nbu.edu.cn, g06b08120308@email.nbu.edu.cn, qianjiangbo@nbu.edu.cn

Abstract

Distributed Denial of Service (DDoS) attacks pose a major threat to today’s cyber security. Defense against these attacks is complicated by source IP address spoofing. The Path Identification (Pi) mechanism is a promising technique to defend against DDoS attacks with IP spoofing. In the Pi scheme, each router marks the packets it forwards, generating identifiers that correspond to different paths and can be used to distinguish malicious packets from legitimate ones. To improve the previous Pi scheme, we suggest that the victim record not only the Pi mark of each packet but also its hop count (HC). The victim can then use the (Pi, HC) tuple, instead of the Pi mark alone, to identify and discard malicious packets more effectively. By theoretical analysis and simulations based on actual Internet topologies, we demonstrate that our scheme, Pi2HC, outperforms the previous Pi scheme. We also show that Pi2HC is robust against initial Time-to-Live (TTL) values spoofed by sophisticated attackers.
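The following sketch is an added illustration of the idea in the abstract, not code or an algorithm from the paper: it compares a victim-side blocklist keyed on the Pi mark alone with one keyed on the (Pi, HC) tuple. The packet model, the list of initial TTL values used to infer hop count, the class and function names, and the sample traffic are all assumptions made for this example, and handling of spoofed initial TTLs is not modelled.

```python
from collections import namedtuple

# Constructed model: pi = 16-bit path mark, ttl = TTL observed at the victim.
Packet = namedtuple("Packet", "pi ttl")

# Assumption: common initial TTLs used to infer hop count (not taken from the page).
INITIAL_TTLS = (32, 64, 128, 255)

def hop_count(ttl):
    """Hops travelled = smallest plausible initial TTL >= observed TTL, minus observed TTL."""
    return next(t for t in INITIAL_TTLS if t >= ttl) - ttl

class PiFilter:
    """Baseline: blocklist keyed on the Pi mark alone."""
    def __init__(self):
        self.blocked = set()
    def key(self, pkt):
        return pkt.pi
    def learn_attack(self, pkt):
        self.blocked.add(self.key(pkt))
    def accept(self, pkt):
        return self.key(pkt) not in self.blocked

class Pi2HCFilter(PiFilter):
    """Blocklist keyed on the (Pi, HC) tuple."""
    def key(self, pkt):
        return (pkt.pi, hop_count(pkt.ttl))

def run(filter_cls, attack_samples, traffic):
    """Train on identified attack packets, then return accept (True) / drop (False) per packet."""
    f = filter_cls()
    for pkt in attack_samples:
        f.learn_attack(pkt)
    return [f.accept(pkt) for pkt in traffic]

# Constructed sample traffic.
ATTACK = [Packet(0xA5C3, 115)]   # inferred HC 13 (128 - 115)
TRAFFIC = [
    Packet(0xA5C3, 115),         # attack flow again
    Packet(0xA5C3, 52),          # legitimate, same Pi mark, inferred HC 12 (64 - 52)
    Packet(0x1F07, 243),         # legitimate, different Pi mark
]

if __name__ == "__main__":
    print("Pi only:", run(PiFilter, ATTACK, TRAFFIC))
    print("Pi2HC  :", run(Pi2HCFilter, ATTACK, TRAFFIC))
```

The second packet shares its Pi mark with the attack flow, so the Pi-only filter drops it, while the tuple filter keeps it because its inferred hop count differs.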