Failure Isolation based Defense against Internet CXPST-like Attack

نویسندگان

  • Hongjun Liu
  • Xiaofeng Hu
  • Dan Zhao
  • Xicheng Lu
چکیده

Attacking on inter-domain routing system degrades the availability and performance of Internet severely. It is challenge to defend against the extreme attacks which exhaust the resources of routers by generating a great number of update messages. In this paper, we propose two mechanisms to protect Internet from such attacks: to isolate attacks in local region, unnecessary updates are suppressed without affecting the correctness of routing; to break down the route flapping which repeatedly generates updates, the paths selected are validated to detour the attacked links, which diffuses the deliberately attacks to random attacks . Simulation shows our methods greatly decrease the number of updates under such attacks, and isolate the attacks in local region of network.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Comprehensive Survey of Distributed Defense Techniques against DDoS Attacks

Distributed Denial of Service Attacks imposes a major threat to the availability of Internet services. Most of the applications like banking, trade, and e-commerce are dependent on availability of Internet. Defending Internet from these attacks has become the need of the hour. A typical DDoS defense comprises of three modules namely traffic monitoring, traffic analysis and traffic filtering. Ba...

متن کامل

Autonomous Agent for DDoS Attack Detection and Defense in an Experimental Testbed

Distributed Denial of Service (DDoS) attacks impinge on the availability of critical resources in the Internet domain. The objective of this paper is to develop an autonomous agent based DDoS defense in real time without human intervention. A mathematical model based on Lanchester law has been designed to examine the strength of DDoS attack and defense group. Once attack strength is formulated ...

متن کامل

Deployment of Distributed Defense against DDoS Attacks in ISP Domain

Distributed Denial of Service attacks pose a serious threat to the online applications like banking, trade, and e-commerce which are dependent on availability of Internet. Defending Internet from these attacks has become the need of the hour for sustainable development of any economy. Most of the research work in this area focuses on developing defense against these attacks without considering ...

متن کامل

Spectrum Sensing Data Falsification Attack in Cognitive Radio Networks: An Analytical Model for Evaluation and Mitigation of Performance Degradation

Cognitive Radio (CR) networks enable dynamic spectrum access and can significantly improve spectral efficiency. Cooperative Spectrum Sensing (CSS) exploits the spatial diversity between CR users to increase sensing accuracy. However, in a realistic scenario, the trustworthy of CSS is vulnerable to Spectrum Sensing Data Falsification (SSDF) attack. In an SSDF attack, some malicious CR users deli...

متن کامل

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A tutorial

Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, or its Internet connection, or both. In the last two years, it is discovered that DDoS attack methods and tools are becoming more sophisticated, effective, an...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2012