| Presentation | 2013-03-14 Proposal of DDoS attack mitigation using two-step map table lookup on LISP Toshifumi SAITO, Masatoshi ENOMOTO, Hiroaki HAZEYAMA, Youki KADOBAYASHI, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | DDoS attacks are serious threats. Although many countermeasures to DDoS attacks have been devel- oped and practiced, most of them drop both attack traffic and legitimate communications. Furthermore, current countermeasures are easily recognized or evaded by attackers. In this paper, We propose a DDoS countermeasure that has the potential not to interfere with legitimate communications while mitigating DDoS attacks and hiding itself from attackers. The key idea of our proposal is creating decoy servers and decoy routers on ingress points of a DDoS attack by an extended LISP. The neighborhood of the machine which transmits large quantities of packets is set up as a decoy where the attack occurs. The effect on normal traffic is reduced, and the targeted machine and the route's DDoS load are reduced. In addition, we propose Locator/ID Separation Protocol (LISP)to conceal the post mitigation effect from the attacker. Based on this, in order to materialize our proposal, we developed a prototype system which can enforce DDoS mitigation. This prototype utilizes the combination of both the LISP Map Table and another Map Table to execute the original LISP. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DDoS mitigation / LISP / Decoy servers |
| Paper # | SITE2012-51,IA2012-89 |
| Date of Issue |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2013/3/7(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Internet Architecture(IA) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Proposal of DDoS attack mitigation using two-step map table lookup on LISP |
| Sub Title (in English) | |
| Keyword(1) | DDoS mitigation |
| Keyword(2) | LISP |
| Keyword(3) | Decoy servers |
| 1st Author's Name | Toshifumi SAITO |
| 1st Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology() |
| 2nd Author's Name | Masatoshi ENOMOTO |
| 2nd Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
| 3rd Author's Name | Hiroaki HAZEYAMA |
| 3rd Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
| 4th Author's Name | Youki KADOBAYASHI |
| 4th Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
| Date | 2013-03-14 |
| Paper # | SITE2012-51,IA2012-89 |
| Volume (vol) | vol.112 |
| Number (no) | 489 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |