Distributed Denial of Service Flooding Attacks

Preventing Distributed Denial of Service Flooding Attacks with Dynamic Path Identifiers

Introduction:

In recent years, there are increasing interests in using path identifiers (PIDs) as inter-domain routing objects. However, the PIDs used in existing approaches are static, which makes it easy for attackers to launch distributed denial-of service (DDoS) flooding attacks. To address this issue, in this paper, we present the design, implementation, and evaluation of D-PID, a framework that uses PIDs negotiated between neighbouring domains as inter-domain routing objects. In DPID, the PID of an inter-domain path connecting two domains is kept secret and changes dynamically. We describe in detail how neighbouring domains negotiate PIDs, how to maintain ongoing communications when PIDs change. We build a 42-node prototype comprised by six domains to verify D-PID’s feasibility and conduct extensive simulations to evaluate its effectiveness and cost. The results from both simulations and experiments show that D-PID can effectively prevent DDoS attacks.

Reference IEEE paper:

“Preventing Distributed Denial-of-Service Flooding Attacks with Dynamic Path Identifiers”, IEEE TRANSACTIONS ON INFORMATION AND FORENSICS SECURITY, 2017.

Unique ID – SBI1075

Domain – INFORMATION FORENSICS & SECURITY

Book your project Now.  Checkout other projects here

Leave a Reply

Your email address will not be published. Required fields are marked *