A DDoS attack defending scheme based on network processor
The distributed denial of service attacks have become more and more frequent and caused some fatal problems. Many researches have been done to detect and defend such attacks, however, many solutions are still in the phase of theoretical studies. Some of them may have certain practical value, but they have to reconstruct the existing network and the routing instruments with great cost. This paper proposes a DDoS attack defending scheme based on network processor. The scheme takes advantage of network processors powerful process ability to divide the network flow into different types firstly, and then uses a QoS mechanism to ensure essential communications as well as to eliminate the attack flow to the greatest extent. Experiment results show that the scheme can provide enough bandwidth for high priority flow, and effectively weaken the attack flow.
distributed denial of service attacks QoS network processor defending
Li Xinlei Zheng Kangfeng Yang Yixian
Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications Key Laboratory of network and information attack & defence technology of MOE, Beijing University of Posts and Tele
国际会议
2009 WASE International Conference on Information Engineering(2009年国际信息工程会议)(ICIE 2009)
太原
英文
897-900
2009-07-10(万方平台首次上网日期,不代表论文的发表时间)