SAV-D: Defending DDoS with Incremental Deployment of SAV

Bibliographic Details
Published in: IEEE Internet Computing, Vol. 27, no. 3, pp. 44-49
Main Authors: Hui, Linbo; Zhang, Lei; Hu, Yannan; Wu, Jianping; Cui, Yong
Format: Journal Article
Language: English
Published: IEEE 01.05.2023
Summary: Large-scale Internet Protocol (IP) spoofing distributed denial-of-service (DDoS) attacks are one of the major cyber threats. Current commercial defenses focus on eliminating attacks at the destination end, which raises concerns about the cost of appliances and the impact on quality of service. As a complement, source-end schemes using source address validation (SAV) can block IP spoofing traffic from entering the backbone. However, their effectiveness is restricted by incremental deployment. This paper proposes SAV-D, an SAV-based honeynet-like distributed defense architecture against IP spoofing DDoS. Each SAV device functions as a honeypot to capture more threat data. By aggregating these data, SAV-D can accurately detect ongoing attacks and generate defense policies. With the policies, both SAV and non-SAV devices can filter malicious traffic. Our simulation results demonstrate that SAV-D can effectively filter out 80% of attack traffic with a modest deployment ratio of only 10%. To enable broader adoption, we also provide some guidance on standardizing SAV-D.
ISSN: 1089-7801, 1941-0131
DOI: 10.1109/MIC.2023.3264319