Preventing Distributed Denial-of-Service Flooding Attacks with Dynamic Path Identifiers
- Publisher: Institute of Electrical and Electronics Engineers
- Publication Type: Journal Article
- Citation: IEEE Transactions on Information Forensics and Security, 2017, 12, (8), pp. 1801-1815
- Issue Date: 2017-08-01
This item is closed access and not available.
In recent years, there has been increasing interest in using path identifiers (PIDs) as inter-domain routing objects. However, the PIDs used in existing approaches are static, which makes it easy for attackers to launch distributed denial-of-service (DDoS) flooding attacks. To address this issue, in this paper, we present the design, implementation, and evaluation of dynamic PID (D-PID), a framework that uses PIDs negotiated between neighboring domains as inter-domain routing objects. In D-PID, the PID of an inter-domain path connecting two domains is kept secret and changes dynamically. We describe in detail how neighboring domains negotiate PIDs and how to maintain ongoing communications when PIDs change. We build a 42-node prototype comprised of six domains to verify D-PID's feasibility and conduct extensive simulations to evaluate its effectiveness and cost. The results from both simulations and experiments show that D-PID can effectively prevent DDoS attacks.