DISCS: A DIStributed Collaboration System for Inter-AS Spoofing Defense

Abstract

IP spoofing is prevalently used in DDoS attacks for anonymity and amplification, making them harder to prevent. Combating spoofing attacks requires the collaboration of different autonomous systems (ASes). Existing methods either lack flexibility in collaboration or require centralized control in the inter-AS environment. In this paper, we propose a Distributed Collaboration System (DISCS) for inter-AS spoofing defense, which allows ASes to flexibly collaborate in spoofing defense in a distributed manner. Each DISCS-enabled AS implements four defense functions. When a victim AS is under a spoofing attack, it can request other ASes to execute the most appropriate defense functions. We present the distributed and flexible control plane design and the backward compatible and incrementally deployable data plane design for both IPv4 and IPv6. We evaluate DISCS with theoretical proof and simulations using real Internet data. The results show that DISCS has strong deployment incentives, high effectiveness, minimal false positives, modest resource consumption and strong security.