Abstract | ||
---|---|---|
Multiple bandwidth reservation mechanisms based on network capability have been proposed to resolve Distributed Denial of Service (DDoS) attacks towards the transit-link. However, previous capability-based techniques are insufficient to provide accurate protection towards legitimate users of contaminated domains. In this paper, we present FIBA, an intra-domain bandwidth allocation mechanism with fine-grained accessing control granularity. FIBA enables source domains to locally differentiate the capability requests by state measuring according to two attributing factors. Moreover, FIBA can establish hierarchical channels for capability requesting packets to realize the isolation of traffic from the same source domain. Our scheme is integrated with existing methods and can be optionally deployed by source domains. Finally, through network experiments, we evaluate FIBA can realize user-level DDoS protection even in 90%-contaminated domain. |
Year | DOI | Venue |
---|---|---|
2021 | 10.1007/978-3-030-90019-9_20 | SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2021, PT I |
Keywords | DocType | Volume |
DDoS attack, Network capability, Fine-grained, Intra-domain, Bandwidth allocation | Conference | 398 |
ISSN | Citations | PageRank |
1867-8211 | 0 | 0.34 |
References | Authors | |
0 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Lijia Xie | 1 | 0 | 0.68 |
Shuang Zhao | 2 | 0 | 0.34 |
Xiao Zhang | 3 | 4 | 2.77 |
Yiming Shi | 4 | 0 | 0.34 |
Xin Xiao | 5 | 0 | 0.34 |
Zhiming Zheng | 6 | 0 | 0.34 |