Inter-domain Security Management to Protect Legitimate User Access from DDoS Attacks

In this paper, we propose a cooperative inter-domain security mana- gement to protect access of legitimate users from the DDoS attacks exploiting randomly spoofed source IP addresses. We assume that Internet is divided into multiple domains and there exists one or more domain security manager in each domain, which is responsible for identifying hosts within the domain. The security management cooperation is achieved in two steps. First, a domain security manager forwards information regarding identified suspicious attack flows to neighboring managers. Secondly, the domain security manager verifies the attack upon receiving return messages from the neighboring managers. The management method proposed in this paper is designed not only to prevent network resources from being exhausted by the attacks but also to increase the possibility that legitimate users can fairly access the target services. Through the experiment on a test-bed, the proposed method was verified to be able to maintain high detection accuracy and to enhance the normal packet survival rate.