2007 | OriginalPaper | Chapter
Scheme of Defending Against DDoS Attacks in Large-Scale ISP Networks
Authors : Zhi-jun Wu, Dong Zhang
Published in: Network and Parallel Computing
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
A scheme that defending against distributed denial of service (DDoS) attacks adopts the mechanism of Distribution-based Secure Overlay Nodes (DSON) to a large-scale ISP (Internet Service Provider) network is presented. The scheme uses local BPG announcement to divert traffic to the overlay network when experiencing high load, then filtering algorithm based on the technology of signal processing is applied to the diverted traffic. This algorithm detects and filters out DDoS attacks in frequency domain to allow targets to provide good service to legitimate traffic, with fast reaction and high energy ratio of legitimate to attacks traffic. DSON is implemented and installed on the monitor points of large-scale ISP network associated with the corresponding routers, edge router, border router, and core router, with no requirement for the modifying to network architecture, infrastructure, and protocol.