Preventing Distributed Denial-of-Service Flooding Attacks with Dynamic Path Identifiers
2017 (English). In: IEEE Transactions on Information Forensics and Security, ISSN 1556-6013, E-ISSN 1556-6021. Article in journal (Refereed). Epub ahead of print.
In recent years, there has been increasing interest in using path identifiers (PIDs) as inter-domain routing objects. However, the PIDs used in existing approaches are static, which makes it easy for attackers to launch distributed denial-of-service (DDoS) flooding attacks. To address this issue, in this paper, we present the design, implementation, and evaluation of D-PID, a framework that uses PIDs negotiated between neighboring domains as inter-domain routing objects. In D-PID, the PID of an inter-domain path connecting two domains is kept secret and changes dynamically. We describe in detail how neighboring domains negotiate PIDs and how to maintain ongoing communications when PIDs change. We build a 42-node prototype comprising six domains to verify D-PID’s feasibility and conduct extensive simulations to evaluate its effectiveness and cost. The results from both simulations and experiments show that D-PID can effectively prevent DDoS attacks.
Media and Communication Technology
Research subject: Mobile and Pervasive Computing
Identifiers: URN: urn:nbn:se:ltu:diva-62856; DOI: 10.1109/TIFS.2017.2688414; OAI: oai:DiVA.org:ltu-62856; DiVA: diva2:1086513