Abstract
Large-scale Internet Protocol (IP) spoofing distributed denial-of-service (DDoS) attacks is one of the major cyber threats. Current commercial defenses focus on eliminating attacks at the destination end, which raises concerns about the cost of appliances and the impact on quality of service. As complementaries, source-end schemes using source address validation (SAV) can block IP spoofing traffic from entering the backbone. However, their effectiveness is restricted by incremental deployment. This paper proposes SAV-D, an SAV-based honeynet-like distributed defense architecture against IP spoofing DDoS. Each SAV device functions as a honeypot to capture more threat data. By aggregating these data, SAV-D can accurately detect ongoing attacks and generate defense policies. With the policies, both SAV and non-SAV devices can filter malicious traffic. Our simulation results demonstrate that SAV-D can effectively filter out 80% of attack traffic with a modest deployment ratio of only 10%. To enable broader adoption, we also provide some guidance on standardizing SAV-D.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
