Affordable Access

Blocking DoS Attack Traffic in Network with Locator/Identifier Separation

Authors
Publisher
ACADEMY PUBLISHER
Publication Date
Keywords
  • Locator/Identifier Separation
  • Dos Attack
  • Dos Defense
  • Mapping System
  • Network Security
Disciplines
  • Computer Science

Abstract

DoS attacks remain a most serious threat to the Internet currently, how to mitigate DoS attack is still an open issue. Besides, the current Internet faces serious scaling problems, and locator/identifier separation is widely recognized as a most promising solution for the future Internet. To block DoS attack traffic in network with locator/identifier separation, we propose a network layer defense system called BlockDoS. BlockDoS expands the mapping entries of the mapping system to store the block information, and enables any DoS attack victim to actively request the network to block unwanted traffic at tunnel routers. We implement a prototype of BlockDoS. The analysis and experiment results show that BlockDoS can block multi-million attackers’ traffic within tens of minutes, and the computing and storage costs added by BlockDoS won’t affect the performance of the mapping servers and tunnel routers.

There are no comments yet on this publication. Be the first to share your thoughts.