A Pseudonymous Credit Driven Mechanism to Mitigate DDoS

Chapter
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 127)

Abstract

We propose a new mitigation mechanism against DDoS called Pseudonymous Credit Driven Mechanism (PsCredit). The primary driving force of this mechanism is a new cyberspace economic modeling - pseudonymous credit modeling, which provides a suitable ROI scheme and support for roaming and privacy. This mechanism can process packets at wire-speed, and it can defend effectively against all known DDoS attacks.

Keywords

Network Packet Legal User Response Packet Collusion Attack Internet Society 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bernstein, D.J.: Syn cookies (1996), http://cr.yp.to/syncookies.html (cited September 2011)
  2. 2.
    Gligor, V.D.: Guaranteeing Access in Spite of Distributed Service-Flooding Attacks. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 80–96. Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Juels, A., Brainard, J.G.: Client puzzles: A cryptographic countermeasure against connection depletion attacks. In: NDSS, The Internet Society (1999)Google Scholar
  4. 4.
    Mankin, A., Massey, D., Wu, C.L., Wu, S., Zhang, L.: On design and evaluation of ”intention-driven” icmp traceback. In: ICCCN 2001, pp. 159–165 (2001)Google Scholar
  5. 5.
    Mankins, D., Krishnan, R., Boyd, C., Zao, J., Frentz, M.: Mitigating distributed denial of service attacks with dynamic resource pricing. In: ACSAC, pp. 411–421 (2001)Google Scholar
  6. 6.
    Mirkovic, J., Prier, G., Reiher, P.: Attacking ddos at the source. In: 10th IEEE International Conference on Network Protocols, 2002. Proceedings, pp. 312–321 (2002)Google Scholar
  7. 7.
    Peng, T., Leckie, C., Ramamohanarao, K.: Protection from distributed denial of service attacks using history-based ip filtering. In: ICC 2003, vol. 1, pp. 482–486 (2003)Google Scholar
  8. 8.
    Yaar, A., Perrig, A., Song, D.: Siff: a stateless internet flow filter to mitigate ddos flooding attacks. In: Oakland 2004, pp. 130–143 (2004)Google Scholar

Copyright information

© Springer-Verlag GmbH Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Institute of Computer Science & TechnologyPeking UniversityBeijingChina
  2. 2.Baidu Inc.BeijingChina
  3. 3.China Information Technology Security Evaluation CenterBeijingChina

Personalised recommendations