The management of capabilities for Traffic Validation Architecture

The capabilities technique offers a new direction for defending against DDoS attacks. As a typical capabilities scheme, Traffic Validation Architecture (TVA) performs well. However, the management of capabilities in TVA has not been fully considered, which makes actual deployment more difficult. We therefore propose a novel scheme based on an index and the Least-Recently-Used (LRU) algorithm to manage the capabilities in TVA. In our scheme, the index is used to classify capabilities into different categories according to their length, and the LRU algorithm then operates within the related categories. Theoretical and experimental results show that our scheme can optimize the overall search performance for capability information and improve the deployability and efficiency of TVA.
