论文信息 - Defeating Denial-of-Service Attacks on the Internet

Defeating Denial-of-Service Attacks on the Internet

Network Denial-of-Service (N-DoS) attacks are one of the fastest growing types of attack on the Internet. This paper addresses the vulnerabilities in Internet protocols, as well as deficiencies in flow-control in the Internet, both of which contribute to the loss of resource availability when networks suffer N-DoS attacks. Furthermore, an AFFC (Anti-flooding Flow-Control) model is presented to defend against flooding N-DoS attacks. AFFC policies regulate unresponsive elastic traffic and aggressive best-effort traffic for specific flow classes. Experiments have demonstrated that the deployment of this model can thwart harmful flows and prevent congestion collapse by flooding N-DoS attacks.

Baoqing Ye | Baoqing Ye

[1] Van Jacobson,et al. Random early detection gateways for congestion avoidance , 1993, TNET.

[2] Sally Floyd,et al. Why we don't know how to simulate the Internet , 1997, WSC '97.

[3] Van Jacobson,et al. Link-sharing and resource management models for packet networks , 1995, TNET.

[4] Anna R. Karlin,et al. Practical network support for IP traceback , 2000, SIGCOMM.

[5] David L. Black,et al. An Architecture for Differentiated Service , 1998 .

[6] R. Wilder,et al. Wide-area Internet traffic patterns and characteristics , 1997, IEEE Netw..

[7] Sally Floyd,et al. Promoting the use of end-to-end congestion control in the Internet , 1999, TNET.