Abstract
With the increasingly prominent problems in the scalability, security, mobility and some other issues of Internet, identifier–locator split network has become a hot topic in the research of the next-generation network structure. In this network, split and mapping between identifier and locator make network security change accordingly compared with the current Internet. This paper makes a comparative analysis on distributed denial of service (DDoS) attacks between the current Internet and identifier–locator split network using the attack graph modelling approach based on the expected loss. It proves that the identifier–locator split network effectively alleviates DDoS attacks, and performs much better than the current Internet in security. Additionally, this paper verifies the correctness of the implementation of the attack graph as a model approach by simulations.
Acknowledgements
This work was partially supported by the National Natural Science Foundation of China under grant Nos. 61202428 and 61271200. The authors thank the other cooperators in this project for their contributions in this paper. The authors are also grateful to the anonymous referees for their insightful comments and suggestions.