Skip to main content
Log in

sShield: small DDoS defense system using RIP-based traffic deflection in autonomous system

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

DDoS (distributed denial of service) attacks have gradually increased and have become more sophisticated. There have been several methods for defending against these attacks. However, because the types and scales of DDoS attacks have been diversified, it has become important to defend against DDoS attacks not only in main networks, but also in small scale networks such as AS (autonomous system). We have designed a DDoS defense system working inside AS without either changing the network structure or modifying the router. For this purpose, we have applied the Shield mechanism, which deals with the location problem in DDoS defense, and utilizes the routing updates protocol called RIP (routing information protocol), a representative protocol of IGP (interior gateway protocol). Moreover, we have also conducted experiments by using simulations to find the optimal number and locations of deployed systems.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

References

  1. Klisne E, Afanasyev A, Reiher P (2011) Shield: dos filtering using traffic deflecting. In: Proc of the 19th IEEE international conference on network protocols (ICNP 2011), Vancouver, pp 37–42

    Chapter  Google Scholar 

  2. Trustwave SpiderLabs (2011). The web hacking incident database semiannual report, July to December 2010. Technical report, Computer Science in Trustwave SpiderLabs

  3. Garg K, Chawla R (2011) Detection of DDoS attacks using data mining. Int J Comput Bus Res 2(1)

  4. Peng T, Lecke C, Ramanohanarao K (2007) Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput Surv 39(1)

  5. Mirkovic J, Reiher P (2004) A Taxonomy of DDoS Attack and DDoS Defense Mechanisms, ACM SIGCOMM 34(2)

  6. Klisne E, Beaumont-Gay M, Mirkovic J, Reiher P (2009) RAD: Reflector attack defense using message authentication codes. In: Proc of annual computer security applications conference (ASAC 2009), Honolulu. IEEE Press, New York, pp 269–278.

    Chapter  Google Scholar 

  7. Zaroo P (2002) A survey of DDoS attacks and some DDoS defense mechanisms. Advanced Information Assurance (CS 626)

  8. Ferguson P, Senie D (2000) Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing. RFC 2267 technical report, The Internet Society

  9. Burch H, Cheswick B (2000) Tracing anonymous packets to their approximate source. In: Proc of the USENIX large installation systems administration conference, New Orleans, pp 319–327

    Google Scholar 

  10. Savage S, Wetherall D, Karlin A, Anderson T (2000) Practical network support for IP traceback. Technical report, Department of Computer Science and Engineering, University of Washington

  11. Kang H-S, Kim S-R (2012) Design and experiments of small DDoS defense system using traffic deflecting in autonomous system. In: Proc of 4th international workshop on managing insider security threats (MIST 2012, JISIS), vol 2, pp 43–53

    Google Scholar 

  12. Noureldien NA (2002) Protecting web servers from DoS/DDoS flooding attacks: a technical overview. In: Proc of International conference on web-management for international organisations, Geneva

    Google Scholar 

Download references

Acknowledgements

This research was supported by Next-Generation Information Computing Development Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT, & Future Planning (2011-0029924). This research project was also supported by Ministry of Culture, Sports, and Tourism (MCST), and from the Korea Copyright Commission in 2013.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sung-Ryul Kim.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Kang, HS., Kim, SR. sShield: small DDoS defense system using RIP-based traffic deflection in autonomous system. J Supercomput 67, 820–836 (2014). https://doi.org/10.1007/s11227-013-1031-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-013-1031-7

Keywords

Navigation