Path Attestation Scheme to Avert DDoS Flood Attacks

Abstract : DDoS mitigation schemes are increasingly becoming relevant in the Internet. The main hurdle faced by such schemes is the \nearly indistinguishable" line between malicious tra c and genuine tra c. It is best tackled with a paradigm shift in connection handling by attest- ing the path. We therefore propose the scheme called \Path Attestation Scheme" coupled with a metric called \Con dence Index" to tackle the problem of distinguishing malicious and genuine tra c in a progressive manner, with varying levels of certainty. We support our work through an experimental study to establish the stability of Internet topology by using 134 di erent global Internet paths over a period of 16 days. Our Path Attestation Scheme was able to successfully distinguish between malicious and genuine tra c, 85% of the time. The scheme presupposes support from a fraction of routers in the path.
Document type :
Conference papers
Liste complète des métadonnées

Cited literature [10 references]  Display  Hide  Download

https://hal.inria.fr/hal-01059127
Contributor : Hal Ifip <>
Submitted on : Friday, August 29, 2014 - 1:52:21 PM
Last modification on : Saturday, July 21, 2018 - 5:22:02 PM
Document(s) archivé(s) le : Sunday, November 30, 2014 - 10:40:43 AM

File

main.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Raktim Bhattacharjee, S. Sanand, S. V. Raghavan. Path Attestation Scheme to Avert DDoS Flood Attacks. 9th International IFIP TC 6 Networking Conference (NETWORKING), May 2010, Chennai, India. pp.397-408, ⟨10.1007/978-3-642-12963-6_32⟩. ⟨hal-01059127⟩

Share

Metrics

Record views

87

Files downloads

113