Tongxin xuebao (Sep 2013)

AS-level model for restraining DoS attacks

  • Xian-liang JIANG,
  • Guang JIN,
  • Jian-gang YANG,
  • Jia-ming HE

Journal volume & issue
Vol. 34
pp. 132 – 141

Abstract

Read online

Combined with the next generation security architecture,a novel AS-level defense scheme was proposed to restrain DoS attacks in the Internet.And the deficiencies of previous capability schemes were analyzed in detail,especially on requesting/withdrawing authorization of capabilities.The scheme takes account of a congestion feedback mechanism,a combination with multi-level active queue management,and the credit computation.Then a further analysis on the scheme’s effectiveness was presented.Several experiments with NS2 and CAIDA’s topology datasets were performed to evaluate the authorizing time and traffic,the average requesting time and common file transfer time of different schemes.The results show that this scheme can effectively reduce the average requesting time of capabilities,improve common file transfer efficiency,and enhance the feasibility and robustness.

Keywords