A Pi2HC mechanism against DDoS attacks

Jin, Guang; Li, Yuan; Zhang, Huizhan; Qian, Jiangbo

doi:10.1109/chinacom.2008.4685008

Cited by 2 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It use a distance filed to enhance differentiation effects for different paths. We proposed a Pi2HC [12] mechanism which utilizes both the Pi and Hop count refelected by TTL.…”

Section: Related Workmentioning

confidence: 99%

A Hash-Based Path Identification Scheme for DDoS Attacks Defense

Jin

Zhang

et al. 2009

2009 Ninth IEEE International Conference on Computer and Information Technology

Self Cite

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks pose a major threat to today's cyber security. Defense against these attacks is complicated by source IP address spoofing, which is exploited by attackers to conceal source IP addresses and localities of malicious traffic. In this paper, we propose HPi (Hash-based Path Identification), a novel packet marking scheme to defeat DDoS attacks regardless of forged IP addresses. Our scheme makes full use of a packet's 16-bit IP Identification field to generate a unique identifier corresponding to a path the packet traverses. Each router along the path hashes the last 16 bits of its IP address into the IP Identification field. Thus the victim can identify every single received packet as legitimate or malicious on a per packet basis with high accuracy. And we develop different filtering strategies for victim servers with different capabilities. We also propose a new packet filtering mechanism, the HPi2HC filter, for the victim to distinguish between legitimate and malicious packets more accurately based on tuple of each packet. Simulation results show that the performance of our scheme is still quite promising even when only half of the routers in the network participate in packet marking. The HPi scheme is also lightweight, supporting incremental deployment, and is robust against randomly initial values in IP Identification field forged by sophisticated attackers.

show abstract

“…It use a distance filed to enhance differentiation effects for different paths. We proposed a Pi2HC [12] mechanism which utilizes both the Pi and Hop count refelected by TTL.…”

Section: Related Workmentioning

confidence: 99%