Abstract:
According to reports from McAfee and Google, DDoS attacks are ranked the third-most dangerous network attacks, and their intensity is expected to increase in the future. To defend against these attacks, we propose a preventive approach in this paper that aims to stop DDoS attack traffic from reaching the victim’s network. The proposed technique is based on Path Identifiers (PIDs), primarily used in Information-Centric Networks, so that response packets are forwarded along these PIDs rather than by IP forwarding. In contrast to static PIDs, we use reliable dynamic PIDs (RDPIDs, two for each link) to prevent attackers from learning the PIDs and launching an attack. With the proposed RDPID technique, the PID negotiation time is reduced to 6 ms in 99% of cases, compared with 23 ms for the Dynamic PIDs (DPIDs) proposed in the literature. Furthermore, the attack mitigation time is reduced by approximately 40% compared with similar DPID-based techniques available in the literature.