Two-Phase Traceback of DDoS Attacks with Overlay Network
- DOI
- 10.2991/icsmim-15.2016.91How to use a DOI?
- Keywords
- Network Security; DDoS Attacks; Oveylay Network; Adaptive CUSUM; Two-phase traceback.
- Abstract
An overlay network based traceback scheme against DDoS attacks is proposed in this paper. A CAT server is set in each ISP domain, and receives the alert packets from routers in the domain. According to the alert packets, the intra-domain attack tree is constructed. An alert will be sent to the victim once an intra-domain attack tree is formed. The inter-domain attack tree is constructed at the CAT server of the victim end according to the received alert packets from upstream domains. The traceback request is sent to each CAT server of the inter-domain attack tree once the DDoS attacks are detected. Having received the request, the CAT server will find the attack source along the intra-domain attack tree, and take measures to stop DDoS attacks. The proposed scheme implements two-phase traceback of DDoS attacks effectively and fast.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Zaihong Zhou AU - Jiang Wang AU - Xi Chen PY - 2016/01 DA - 2016/01 TI - Two-Phase Traceback of DDoS Attacks with Overlay Network BT - Proceedings of the 2015 4th International Conference on Sensors, Measurement and Intelligent Materials PB - Atlantis Press SP - 491 EP - 495 SN - 2352-538X UR - https://doi.org/10.2991/icsmim-15.2016.91 DO - 10.2991/icsmim-15.2016.91 ID - Zhou2016/01 ER -