With the increasingly prominent problems in the scalability, security, mobility and some other issues of Internet, identifier-locator split network has become a hot topic in the research of the next-generation network structure. In this network, split and mapping between identifier and locator make network security change accordingly compared with the current Internet. This paper makes a comparative analysis on distributed denial of service (DDoS) attacks between the current Internet and identifier-locator split network using the attack graph modelling approach based on the expected loss. It proves that the identifier-locator split network effectively alleviates DDoS attacks, and performs much better than the current Internet in security. Additionally, this paper verifies the correctness of the implementation of the attack graph as a model approach by simulations.

• 出版日期2013-12-1
• 单位北京交通大学