Preventing Distributed Denial of Service Flooding Attacks with Dynamic Path Identifiers
In recent years, there has been increasing interest in using path identifiers (PIDs) as inter-domain routing objects. However, the PIDs used in existing approaches are static, which makes it easy for attackers to launch distributed denial-of-service (DDoS) flooding attacks. To address this issue, in this paper, we present the design, implementation, and evaluation of D-PID, a framework that uses PIDs negotiated between neighbouring domains as inter-domain routing objects. In D-PID, the PID of an inter-domain path connecting two domains is kept secret and changes dynamically. We describe in detail how neighbouring domains negotiate PIDs and how to maintain ongoing communications when PIDs change. We build a 42-node prototype comprising six domains to verify D-PID’s feasibility and conduct extensive simulations to evaluate its effectiveness and cost. The results from both simulations and experiments show that D-PID can effectively prevent DDoS attacks.
Reference IEEE paper:
“Preventing Distributed Denial-of-Service Flooding Attacks with Dynamic Path Identifiers”, IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2017.
Unique ID – SBI1075
Domain – INFORMATION FORENSICS & SECURITY