Detection and identification mechanism against spoofed traffic using distributed agents

Abstract

Recently, as the serious damage caused by spoofed traffic like DDoS attacks increases, the rapid detection and the proper response mechanisms are urgent. However, existing security mechanisms do not provide effective defense against these attacks, and cannot especially identify the origin generating the spoofed traffic. In this paper, we describe a simple and practical solution that supports the immediate detection and identification for spoofing attack agent. Proposed agent needs only one per a router, and the modification of legacy routers is not required. So, if agents as many as routers are distributed, they can perfectly detect the spoofed traffic generated on themselves network, and directly identify the attack agent, regardless of spoofing level. We implement the proposed mechanism, experiment with strong DDoS tool on the real network, and confirm the effectiveness of our design. © Springer-Verlag 2004.