Sciweavers

JSAC
2006

StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense

14 years 13 days ago
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense
Today's Internet hosts are threatened by large-scale Distributed Denial-of-Service (DDoS) attacks. The Path Identification (Pi) DDoS defense scheme has recently been proposed as a deterministic packet marking scheme that allows a DDoS victim to filter out attack packets on a per packet basis with high accuracy after only a few attack packets are received [40]. In this article, we propose the StackPi marking, a new packet marking scheme based on Pi, and new filtering mechanisms. The StackPi marking scheme consists of two new marking methods that substantially improve Pi's incremental deployment performance: Stack-based marking and Write-ahead marking. Our scheme almost completely eliminates the effect of a few legacy routers on a path, and performs 2
Abraham Yaar, Adrian Perrig, Dawn Song
Added 13 Dec 2010
Updated 13 Dec 2010
Type Journal
Year 2006
Where JSAC
Authors Abraham Yaar, Adrian Perrig, Dawn Song
Comments (0)