Large scale DDoS aims to take victim down by sending large traffic. Existing work in DDoS defense tries to filter attack traffic. The filtering process causes collateral damage. A lot of researches had been done to mitigate collateral damages, such as IP traceback, finding new DDoS recognizing method, and so on. All these researches confirm attack traffic, filter it, nothing will be done after filtering. In this paper we proposed a new DDoS defense method which uses an improved nest loop algorithm to handle filtered traffic, after that, access control lists are established to reduce collateral damage. A careful experiment evaluation shows that our method can be used to defend against large scale DDoS, and it gives a new way to mitigate collateral damage.

• 出版日期2009
• 单位西北大学