Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System
Ho-Seok Kang* and Sung-Ryul Kim
Konkuk University
Seoul, Republic of Korea
hsriver@gmail.com and kimsr@konkuk.ac.kr
Abstract
DDoS (Distributed Denial of Service) attacks are a serious threat to the legitimate use of the Internet. Many defense methods against DDoS attacks have been suggested. However, the deployment of defense systems has become an important issue. A previous work, called the Shield [3], raised the deployment problem and handles the issue with traffic trapping and traffic black-holing techniques. In this paper, a framework for redirection and filtering that works within an AS (Autonomous System) is proposed, whereas the Shield works outside an AS. This system is designed for protecting legitimate resources from DDoS attacks and for dispersing traffic in small-scale networks such as an AS. In addition, we design a structure that can be deployed and work without changing the existing routers. We also show the optimal number of deployed systems and their deployment locations through simulation.
Keywords: DDoS attack, traffic deflection, routing update, RIP, AS
*Corresponding author: Konkuk University, New Millennium Hall 201-1, 120 Neungdong-ro, Gwangjin-gu, Seoul 143-701, Republic of Korea, Tel: +82-10-8987-3335
Journal of Internet Services and Information Security (JISIS), 2(3/4): 43-53, November 2012