The distributed denial-of-service (DDoS) attack could be a serious threat to the legitimate use of the Internet. Prevention mechanisms are thwarted by the power of attackers to forge or spoof the source addresses in IP packets. By using IP spoofing, attackers can evade detection and place a considerable burden on the destination network for policing attack packets. In this paper, we propose an interdomain packet filter (IDPF) design which will mitigate the level of IP spoofing on the Internet. A key feature of our theme is that it does not need international routing information. IDPFs are made from the knowledge implicit in border gateway protocol (BGP) route updates and are deployed in network border routers. We establish the conditions below that the IDPF framework correctly works in that it will not discard packets with valid source addresses. Based on intensive simulation studies, we have a tendency to show that, even with partial deployment on the Internet, IDPFs can proactively limit the spoofing capability of attackers. In addition, they can facilitate localize the origin of an attack packet to a tiny number of candidate networks.
Did you like this research project?
To get this research project Guidelines, Training and Code... Click Here