DDoS mitigation schemes are becoming increasingly relevant in the Internet. The main hurdle faced by such schemes is the “nearly indistinguishable” line between malicious traffic and genuine traffic. It is best tackled with a paradigm shift in connection handling by attesting the path. We therefore propose a scheme called “Path Attestation Scheme”, coupled with a metric called “Confidence Index”, to tackle the problem of distinguishing malicious and genuine traffic in a progressive manner, with varying levels of certainty. We support our work through an experimental study to establish the stability of Internet topology by using 134 different global Internet paths over a period of 16 days. Our Path Attestation Scheme was able to successfully distinguish between malicious and genuine traffic 85% of the time. The scheme presupposes support from a fraction of routers in the path.