Abstract

DDoS (Distributed Denial of Service) attacks are a serious threat to the legitimate use of the Inter- net. Many defense methods against DDoS attacks have been suggested. However, the deployment of defense systems becomes an important issue. A previous work, called the Shield [3], brought up the deployment problem and handles the issue with traffic trapping and traffic black-holing tech- niques. In this paper, a framework for redirection and filtering that works within an AS (Autonomous System) is proposed, while the Shield works outside an AS. This system is designed for protecting legitimate resources from DDoS attacks and for dispersing traffics in small-scale networks such as an AS. In addition, we design the structure that can be deployed and work without changing pervious routers. We also show the optimal number of deployed systems and deployment location through simulation.