Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System

Ho-Seok Kang* and Sung-Ryul Kim

Konkuk University

Seoul, Republic of Korea

hsriver@gmail.com and kimsr@konkuk.ac.kr

Abstract

DDoS (Distributed Denial of Service) attacks are a serious threat to the legitimate use of the Internet. Many defense methods against DDoS attacks have been suggested. However, the deployment of defense systems has become an important issue. A previous work, called the Shield [3], raised the deployment problem and handles it with traffic trapping and traffic black-holing techniques. In this paper, a framework for redirection and filtering that works within an AS (Autonomous System) is proposed, whereas the Shield works outside an AS. This system is designed to protect legitimate resources from DDoS attacks and to disperse traffic in small-scale networks such as an AS. In addition, we design a structure that can be deployed and can work without changing previous routers. We also show, through simulation, the optimal number of deployed systems and their deployment locations.

Keywords: DDoS attack, traffic deflection, routing update, RIP, AS

*Corresponding author: Konkuk University, New Millennium Hall 201-1, 120 Neungdong-ro, Gwangjin-gu, Seoul 143-701, Republic of Korea, Tel: +82-10-8987-3335


Journal of Internet Services and Information Security (JISIS), 2(3/4): 43-53, November 2012