Abstract
Recently, Denial-of-Service (DoS) attacks have become the mainstream threat to the Internet service availability. The filter-based packet filtering is a key technology to defend against such attacks. Relying on the filtering location, the proposed schemes can be grouped into Victim-end Filtering and Source-end Filtering. The first scheme uses a single filtering router to block the attack flows near the victim, but does not take the factor that the filters are scarce resource into account, which causes the huge loss of legitimate flows; considering each router could contribute a few filters, the other extreme scheme pushes the filtering location back into each attack source so as to obtain ample filters, but this may incur the severe network transmission delay due to the abused filtering routers. Therefore, in this paper, we propose a scalable filter-based packet filtering scheme to balance the number of filtering routers and the available filters. Through emulating DoS scenarios based on the synthetic and real-world Internet topologies and further implementing the various filter-based packet filtering schemes on them, the results show that our scheme just uses fewer filtering routers to cut off all attack flows while minimizing the loss of legitimate flows.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
