| Nowadays Distributed Denial of Service (DDoS) attacks have becomed to be one of most serious threats to Internet and brought about a plentiful damage. DDoS is looked as one problem about network congestion control essentially, so it can be solved through cooperation to middle nodes (routes or switches etc.) of network. This paper proposes a new defense mechanism based on distributed routes throttles, which is triggered by target When DDoS happens. Target sends attack information to up-layer routes by marking responded traffic, up-layer routes which receive marked traffic start watch ratio of relevant up-traffic and down-traffic. Through comparing with normal traffic model which is defined previously, it can decide whether route throttles traffic and also can confirm threshold of throttle. Realistic Internet topology and traffic are adopted by simulation on NS-2 and emulation program. The results indicates that defense mechanism can insure communication between target and up-layer routes when DDoS happen, further more it can throttle...
|
PDF Full Text Request