论文信息 - Denial of Service ? Leave it to Beaver

Denial of Service ? Leave it to Beaver

We present Beaver, a method and architecture to “build dams” to protect servers from Denial of Service (DoS) attacks. Beaver allows efficient filtering of DoS traffic using low-cost, high-performance, readily-available packet filtering mechanisms. Beaver improves on previous solutions by not requiring cryptographic processing of messages, allowing the use of efficient routing (avoiding overlays), and establishing keys and state as needed. We present two prototype implementations of Beaver, one as part of IPSec in a Linux kernel, and a second as an NDIS hook driver on a Windows machine. Our measurements illustrate that Beaver withstands severe DoS attacks without hampering the client-server communication. Moreover, Beaver is simple and easy to deploy.

Idit Keidar | Amir Herzberg | Gal Badishi | Avital Yachin | Oleg Romanov

[1] Neil Haller,et al. The S/KEY One-Time Password System , 1995, RFC.

[2] Oded Goldreich,et al. The Foundations of Cryptography - Volume 2: Basic Applications , 2001 .

[3] H.C.J. Lee,et al. Port hopping for resilient networks , 2004, IEEE 60th Vehicular Technology Conference, 2004. VTC2004-Fall. 2004.

[4] Idit Keidar,et al. Keeping Denial-of-Service Attackers in the Dark , 2007, IEEE Transactions on Dependable and Secure Computing.

[5] Oded Goldreich,et al. Foundations of Cryptography: Basic Tools , 2000 .

[6] Danny Dolev,et al. On a NIC's Operating System, Schedulers and High-Performance Networking Applications , 2006, HPCC.

[7] David G. Andersen,et al. Proceedings of Usits '03: 4th Usenix Symposium on Internet Technologies and Systems Mayday: Distributed Filtering for Internet Services , 2022 .

[8] Angelos D. Keromytis,et al. SOS: an architecture for mitigating DDoS attacks , 2004, IEEE Journal on Selected Areas in Communications.

[9] Silvio Micali,et al. How to construct random functions , 1986, JACM.