Deployable Filtering Architectures Against Denial-of-Service Attacks
نویسنده
چکیده
The Denial-of-Service attack problem continues to grow despite the fact that many solutions have been proposed in the research literature and the commercial field. The problem is not that the solutions have not had technical merit, but that they have either not scaled to architectural levels or they have had serious deployment issues. As a result, there is still no comprehensive, architectural solution to the problem of large, distributed DoS attacks. This report presents three incrementally-deployable architectures against DoS that provide clear incentives for early adopters while improving in effectiveness as deployment progresses. The report also discusses completed research as well as a future experiment plan to show that the architectures would be able to cope with large attacks even when their components are built using cheap, off-the-shelf hardware.
منابع مشابه
Complementary Architectures for Preventing and Combating Denial-of-Service Attacks
Years after their first appearance, Denial-of-Service (DoS) attacks continue to grow and the motivation behind them has become criminal. The research community has brought forward numerous proposals to the problem, but most of them, despite their technical merit, have encountered difficult deployment problems. Commercial solutions and services exist, but they are only affordable to large instit...
متن کاملDeployable filtering architectures against large denial-of-service attacks
Denial-of-Service attacks continue to grow in size and frequency despite serious underreporting. While several research solutions have been proposed over the years, they have had important deployment hurdles that have prevented them from seeing any significant level of deployment on the Internet. Commercial solutions exist, but they are costly and generally are not meant to scale to Internet-wi...
متن کاملProtecting Public-Access Sites Against Distributed Denial-of-Service Attacks
A distributed denial-of-service (DDoS) attack can flood a victim site with malicious traffic, causing service disruption or even complete failure. Public-access sites like amazon or ebay are particularly vulnerable to such attacks, because they have no way of a priori blocking unauthorized traffic. We present Active Internet Traffic Filtering (AITF), a mechanism that protects public-access site...
متن کاملHF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
متن کاملAn Analysis of DepenDNS
Recently, a new scheme to protect clients against DNS cache poisoning attacks was introduced. The scheme is referred to as DepenDNS and is intended to protect clients against such attacks while being secure, practical, efficient and conveniently deployable. In our paper we examine the security and the operational aspects of DepenDNS. We highlight a number of severe operational deficiencies that...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007