Abstract:
This paper proposes a Distributed Denial of Service(DDoS) defense method based on Autonomous System(AS) edge feedback. It can thwart attack traffic in boundary of AS, which is close to attacking sources. In attack, the victim measures its ingress traffic rate and sends feedback to the edge routers. As a result, malicious traffic is effectively filtered in AS boundary. The experiments show that the method can effectively guarantee the survival rate of legitimate flows and protect victim from DDoS.
Key words:
Distributed Denial of Service(DDoS),
Autonomous System(AS),
edge router,
defense
摘要: 给出一种基于自治域边界反馈的DDoS防御方法,实现在自治域边界接近攻击源端阻挡入侵流量。在攻击时,通过在被攻击端测量攻击流量并向边界路由器提供反馈,使得自治域边界处能有效地过滤恶意流量。实验表明,该方法可有效保证合法流量的存活率,保护被攻击机不被DDoS攻击干扰。
关键词:
分布式拒绝服务,
自治域,
边界路由器,
防御
CLC Number:
BI Xiao-ming. Distributed DDoS Defense Method Based on Autonomous System Edge Feedback[J]. Computer Engineering, 2009, 35(11): 161-162,.
毕小明. 基于自治域边界反馈的分布式DDoS防御方法[J]. 计算机工程, 2009, 35(11): 161-162,.