An Approach for Prohibiting Distributed Denial-OF-Service Using Dynamic Path Identifiers through Inter-Domain Routing

Abstract

Lately, there are expanding consequence in utilizing an inter-domain routing objects as Path Identifiers (PIDs). In any case, PIDs utilized in current methodologies are static, which makes simple for attackers to dispatch Distributed Denial-of Service (DDoS) flooding attacks. To deal with this consequence, it gives the consideration for the construction, performance and assessment of DPID, an architecture which utilizes PIDs negotiated amidst adjoining domains as inter-domain routing. In DPID, inter-domain route of PID bridging two domains is preserved as secret and varies dynamically. This system portrays exactly how adjoining domains handle PIDs, in what way it manages continuous communications while PIDs change. It builds 22-node model which holds three domains to authenticate DPID’s usefulness and leads comprehensive simulations to figure out its capability and cost. Outcomes from both experiments and simulations demonstrate that D-PID can effectively prohibit DDoS attacks. In D-PID, it gives the outcome as two contiguous domains frequently update the PIDs amidst them and install new PIDs for packet forwarding into the data plane. Hence, it concludes regardless of whether the attacker acquires PIDs of its destination and later forwards malicious packets successfully, after a particular time period these PIDs turn to be invalid and the following packets will be sent from other path to the destination. Besides, if any attacker strives to retrieve new PIDs and carries DDoS flooding attack, as a matter there will be increment in attacking cost, as well as makes it simple for detecting the attacker.