SAVA Deployment for Spoofed Source Attacks

EasyChair Preprint 15950

Abstract

Distributed Denial of Service (DDoS) attacks are one of the main threats facing the Internet today, and a considerable number of them originate from attacks using spoofed source addresses. The Source Address Verification Architecture (SAVA) technology can effectively mit igate such attacks by verifying the legitimacy of the source address. How ever, the deployment of SAVA faces some practical challenges, including the complexity of real network topologies, high deployment costs, and the impracticality of full deployment. To address these issues, this paper describes the SAVA deployment model in detail and proposes an incre mental deployment approximation algorithm. The algorithm can identify a set of approximately optimal SAVA deployment points in any network topology, aiming to maximize the filtering of attack traffic. Experimental results show that compared with conventional deployment methods, the deployment algorithm shows superior performance in handling spoofed source attacks while maintaining a low false negative probability.

Keyphrases: DDoS, Deployment, SAVA, Spoofed source

@booklet{EasyChair:15950,
  author    = {Wenjie Yang and Yong Tang and Wenyong Wang},
  title     = {SAVA Deployment for Spoofed Source Attacks},
  howpublished = {EasyChair Preprint 15950},
  year      = {EasyChair, 2025}}