Line-rate Defenses Approach against 10 Gbps DDoS Attacks

Authors

Su Cheng, 1. 3 JiLing University of Tech., Najing 211106, China, China;;
Wentong Wang, 2. JiangSu Senseit Electronics Tech. Co. Ltd, Wuxi 214135, China;;
Shibao Yang, 1. 3 JiLing University of Tech., Najing 211106, China, China;;
Xv Linlin, 3. Henuo Tech. Beijing Co. Ltd, Beijing 100055, China;;
Xinan Tang, 4. Nanjing Yunlilai software tech. Co. Ltd, Nanjing 211100, China;

Abstract

Abstract: Defenses approach against DDoS(Distributed Denial of Service) attacks is currently an important hot issues. We propose a new efficient defenses approach which adopts a detection system based on metadata analysis to identify the packages of DDoS attacks. The flow control rules are formed based on the summarized experience data. ACL (Access Control List) is applied through inline devices (firewalls and load balancers) or divider to limit rate, clean flow or drop package. 10Gbps bandwidth HTTP requests, which contain malicious DDoS attacks packages, can be detected and cleaned completely in line-rate speed. We especially summarize th traffic characteristics of main domestic DDoS attacks.

Recommended Citation

Cheng, Su; Wang, Wentong; Yang, Shibao; Linlin, Xv; and Tang, Xinan (2020) "Line-rate Defenses Approach against 10 Gbps DDoS Attacks," Journal of System Simulation: Vol. 29: Iss. 11, Article 40.
DOI: 10.16182/j.issn1004731x.joss.201711040
Available at: https://dc-china-simulation.researchcommons.org/journal/vol29/iss11/40

First Page

2898

DOI Link

https://doi.org/10.16182/j.issn1004731x.joss.201711040

Last Page

2902

CLC

TP391.7

Recommended Citation

Su Cheng, Wang Wentong, Yang Shibao, Xv Linlin, Tang Xinan. Line-rate Defenses Approach against 10 Gbps DDoS Attacks[J]. Journal of System Simulation, 2017, 29(11): 2898-2902.

DOI

10.16182/j.issn1004731x.joss.201711040