Optimal Path Identification to Defend Against DDoS Attacks
Abstract
A novel packet marking scheme, optimal path identification (OPi), was proposed to defend against DDoS attacks. Instead of the fixed 1 or 2 bits used in previous schemes, a router in OPi deduces the distance an arriving packet has traveled from its TTL value and inserts a variable-length marking of 1~16 bits into the packet. The marking field is filled completely even when the path is very short, which improves distinguishability. OPi outperforms previous schemes, especially when attacker paths adjoin user paths heavily. To obtain better performance, an OPi+TTL filtering strategy was proposed to frustrate attackers' attempts to use spoofed initial TTL values. Theoretical analyses and simulations with actual Internet topologies show that OPi performs excellently.
Share and Cite:
G. JIN, "Optimal Path Identification to Defend Against Ddos Attacks," Communications and Network, Vol. 1 No. 1, 2009, pp. 17-24.
Conflicts of Interest
The authors declare no conflicts of interest.