NetFence

Authors: Xin Liu, Xiaowei Yang, Yong Xia

DOI: 10.1145/1851182.1851214

Abstract: Denial of Service (DoS) attacks frequently happen on the Internet, paralyzing Internet services and causing millions of dollars of financial loss. This work presents NetFence, a scalable DoS-resistant network architecture. NetFence uses a novel mechanism, secure congestion policing feedback, to enable robust congestion policing inside the network. Bottleneck routers update the feedback in packet headers to signal congestion, and access routers use it to police senders' traffic. Targeted DoS victims can use the secure congestion policing feedback as capability tokens to suppress unwanted traffic. When compromised senders and receivers organize into pairs to congest a network link, NetFence provably guarantees a legitimate sender its fair share of network resources without keeping per-host state at the congested link. We use a Linux implementation, ns-2 simulations, and theoretical analysis to show that NetFence is an effective and scalable DoS solution: it reduces the amount of state maintained by a congested router from per-host to at most per-(Autonomous System).

References (39)
Jon Crowcroft, Andrew Warfield, Christian Kreibich, Steven Hand, Ian Pratt. Using Packet Symmetry to Curtail Malicious Traffic. (2005)
David G. Andersen, Elaine Shi, Ion Stoica, Adrian Perrig. OverDoSe: A Generic DDoS Protection Service Using an Overlay Network. (2006)
Robert Stone. Centertrack: An IP Overlay Network for Tracking DoS Floods. USENIX Security Symposium, pp. 15-15 (2000)
Radia Joy Perlman. Network Layer Protocols with Byzantine Robustness. Massachusetts Institute of Technology (1988)
Vitaly Shmatikov, Harrick Vin, Ajay Mahimkar, Jasraj Dange, Yin Zhang. dfence: Transparent Network-Based Denial of Service Mitigation. Networked Systems Design and Implementation, pp. 24-24 (2007)
Arvind Krishnamurthy, Thomas Anderson, Colin Dixon. Phalanx: Withstanding Multimillion-Node Botnets. Networked Systems Design and Implementation, pp. 45-58 (2008)
David G. Andersen. Mayday: Distributed Filtering for Internet Services. USENIX Symposium on Internet Technologies and Systems, pp. 3-3 (2003)
David Wetherall, Xin Liu, Xiaowei Yang, Ang Li. Passport: Secure and Adoptable Source Authentication. Networked Systems Design and Implementation, pp. 365-378 (2008)
K. Ramakrishnan, S. Floyd, D. Black. The Addition of Explicit Congestion Notification (ECN) to IP. vol. 3168, pp. 1-63 (2001)
Matthew Mathis, Jeffrey Semke, Jamshid Mahdavi, Teunis Ott. The Macroscopic Behavior of the TCP Congestion Avoidance Algorithm. ACM Special Interest Group on Data Communication, vol. 27, pp. 67-82 (1997), 10.1145/263932.264023