With the increase of sophistication and severity of DDoS attack, it is important for a victim site to quickly identify the potential attackers and eliminate their traffic. Our work is based on the probabilistic marking algorithm by Savage[12] in which an attack graph can be constructed by a victim site. We extend the concept further such that we can deduce the local traffic rate of each router in the attack graph based on the received marked packets. Given the intensities of these local traffic rates, we can eliminate these attackers from sending high volume of traffic to a victim site. More importantly, we propose a theoretical method to determine the minimum stable time t{sub}(min), which is the minimum time it takes to accurately determine the local traffic rate of every participating router in the attack graph.
展开▼