Design and Experiments of Small DDoS Defense System Using Traffic Deflecting in Autonomous System
DDoS (Distributed Denial of Service) attacks are a serious threat to the legitimate use of the Internet. Many defense methods against DDoS attacks have been suggested. However, the deployment of defense systems becomes an important issue. In this paper, a framework for redirection and filtering that works within an AS (Autonomous System) is proposed, while the Shield works outside an AS. This system is designed for protecting legitimate resources from DDoS attacks and for dispersing traffics in small-scale networks such as an AS. In addition, the authors design the structure that can be deployed and work without changing pervious routers. They also show the optimal number of deployed systems and deployment location through simulation.