SAVNET-based Anti-DDoS Architecture
draft-cui-sada-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Yong Cui , Jianping Wu , Linbo Hui , Lei Zhang | ||
| Last updated | 2023-03-13 (Latest revision 2022-09-09) | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document proposes the SAVNET-based Anti-DDoS Architecture (SADA), which can efficiently detect, mitigate, and traceback Denial- of-Service (DDoS) attacks that spoof source addresses. The SADA consists of a distributed DDoS detection mechanism based on honeynets, a multi-stage DDoS mitigation mechanism, and a suspect- based DDoS traceback mechanism. By adopting the Source Address Validation (SAV) technique of SAVNET and introducing the data plane and the control plane, the SADA makes minor changes to the SAVNET while providing major benefits.
Authors
Yong Cui
Jianping Wu
Linbo Hui
Lei Zhang
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)