We propose a DDoS mitigation architecture that protects legitimate traffic from the large volume of malicious packets during a DDoS bandwidth attack. The system keeps a legitimacy list and gives higher priority to packets that are on the list. The legitimacy list is kept up to date by retaining only the entries that complete the TCP three-way handshake, which defeats IP spoofing. Entries in the list contain the IP address and the path signature of active TCP connections. A packet obtains high priority if its path signature strongly correlates with the corresponding path signature stored in the legitimacy list. We show that the scheme is efficient when deployed incrementally by using priority queuing at perimeter routers. An autonomous system (AS) that deploys the proposed system benefits immediately, even if other ASs do not deploy it. © 2007 Springer.
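The sketch below is an added illustration of the mechanism the abstract describes, not code from the paper. The 16-bit signature width, the bit-agreement correlation measure, the 0.75 threshold, all class and function names, and the sample addresses are assumptions made for the example.

```python
from collections import deque

SIG_BITS = 16      # assumption: width of the path signature carried per packet
THRESHOLD = 0.75   # assumption: bit agreement needed to count as "strongly correlated"

def similarity(a, b):
    """Fraction of signature bits that agree (stand-in correlation measure)."""
    return 1 - bin((a ^ b) & (2**SIG_BITS - 1)).count("1") / SIG_BITS

class LegitimacyList:
    def __init__(self):
        self.pending = {}   # (src, sport) -> ISN the server sent in its SYN-ACK
        self.entries = {}   # src IP -> path signature of a verified connection

    def on_syn(self, src, sport, server_isn):
        self.pending[(src, sport)] = server_isn   # seen, not yet trusted

    def on_ack(self, src, sport, ack_no, sig):
        # A spoofed source never receives the SYN-ACK, so it cannot echo ISN + 1.
        isn = self.pending.get((src, sport))
        if isn is None or ack_no != (isn + 1) % 2**32:
            return False
        del self.pending[(src, sport)]
        self.entries[src] = sig                   # handshake completed: record the path
        return True

    def priority(self, src, sig):
        stored = self.entries.get(src)
        ok = stored is not None and similarity(sig, stored) >= THRESHOLD
        return "high" if ok else "low"

def schedule(llist, packets):
    """Strict priority queuing: every high-priority packet leaves before any low one."""
    high, low = deque(), deque()
    for name, src, sig in packets:
        (high if llist.priority(src, sig) == "high" else low).append(name)
    return list(high) + list(low)

def demo():
    ll = LegitimacyList()
    ll.on_syn("198.51.100.7", 40000, server_isn=1000)
    ll.on_ack("198.51.100.7", 40000, ack_no=1001, sig=0xA5C3)  # real client
    ll.on_syn("203.0.113.9", 40001, server_isn=2000)
    ll.on_ack("203.0.113.9", 40001, ack_no=7, sig=0x0F0F)      # guessed ACK, rejected
    packets = [                                                # constructed sample traffic
        ("spoofed-other-path", "198.51.100.7", 0x1234),
        ("never-handshook", "203.0.113.9", 0x0F0F),
        ("client-data", "198.51.100.7", 0xA5C3),
        ("client-minor-route-change", "198.51.100.7", 0xA5C1),
    ]
    return schedule(ll, packets)
```

A listed address alone does not earn priority here: the packet that reuses the client's address with an unrelated signature is queued behind the client's own traffic.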
CITATION STYLE
Farhat, H. (2007). ITS: A DDoS mitigating architecture. In Innovations and Advanced Techniques in Computer and Information Sciences and Engineering (pp. 537–541). Kluwer Academic Publishers. https://doi.org/10.1007/978-1-4020-6268-1_94